How would I set up the central management settings if I was setting up two MWG7 appliances in Proxy HA mode? If possible could someone post some examples? Also, if upgrading from 6.8.6 to 7, is there anything that needs to be done Port wise since 6.8.6 uses 10000 and 7 uses 4711 and/or 4712?
I don´t think that I am sure what information exactly you are looking for.Basically when setting up two boxes with Proxy HA and Central Management, I would perform the following Steps:
- Install MWG7 ISO to both nodes
- Configure BoxA and BoxB in regards to IP, Subnet, Default GW, DNS using the initial configuration Wizard. Activate SSH access for both devices and configure the root password.
- Once both boxes are booted up access each Box individually on the GUI (port 4711) and insert your license. Save the changes.
- Log Off from BoxB
- On BoxA, go to the Configuration tab
- Hit "Add" here, and add BoxB by its IP address to the Central Management.
From now on when logging on to the GUI on the Configuration Tab you will see both of the Appliances. It is improtant to notice that there is no Master/Site anymore, but all boxes share everything you find under the Policy tab, but to not share anything from the Configuration tab. You can only access ONE GUI now, means if you connect to the GUI on BoxA, noone will be able to connect to the GUI on BoxB.
No matter to which GUI you connect, you can change the settings on BoxA and BoxB, since you can choose them now from the GUI.
Now set both appliances (from one GUI) to Proxy HA, and define the same virtual IP settings for BoxA and BoxB. This is not synched in the Central Management so this has to be done individually. Make sure all settings are the same on BoxA and BoxB.
I think now you should be ready to go.
In regards to the Ports I don´t think that anything needs to be changed here. In MWG7 error templates etc. are no longer downloaded via the GUI ports, so Clients only need access to the Proxy port you like to use, while Admin PCs of course have to access 4711/4712. Furthermore the Ports for Cetnral Management need to be reachable between the MWG7 nodes, in case there is a Firewall between both boxes.
Please let me know if you need anything else.
When building the config cluster be careful with the Priority Settings. One Machine should have the priority 1, the other cluster nodes a priority higher than 1. That means a lower priority. :-)
Just keep care about this behaviour.
When our cluster node with the highes priority is down and you are changing some config on an other cluster node, this node will keep the Management GUI. It is not changing back to your original "master"
If you are not changing any value this doesnt happen.