
Configuring failover for web gateway

I am trying to configure proxy failover in our gateways, and I am not sure what the best option is. Currently I have 2 rules:

rule1: adds a forward header next hop proxy; normally it is deactivated.
rule2: a rule engine that makes the proxy test its access to, if the HTTP code is 500/502, the rule event sends a notification to our team, and someone logs in to the GUI and activates rule1.

Now I want to automate that, so what I am looking for is to add an event in rule2 that automatically activates rule1 when the received code is 500/502, and deactivates rule1 when it is any HTTP code different than that, but it seems not possible so far.

Any suggestions? If you know about a better way to configure failover, I am up for it also.

Regards
Elias
2 Replies
McAfee Employee

Re: Configuring failover for web gateway

Hi @echaoul 


Please bear in mind that there are multiple ways to "activate" a rule. You could try to run your rule which is testing for the response code. If you receive one of the configured codes, you can set a UserDefined property called something like UserDefined.FailoverEvent. This can be considered a Boolean value of false or true. Your second rule has the starting property UserDefined.FailoverEvent eq true and a defined action of your second next hop proxy event. The downside will be always trying to reach out to your default next hop and failing over only in case it delivers a configured response code. To address this you could use a PD storage value, for which a defined TTL of 5 min or more can be configured.


Best Regards,

- Sergej


Re: Configuring failover for web gateway

Hello Sergej

Thank you for your response, 

I am still not sure how to proceed. First, I can't find the PDSTORAGE.NEXTHOP property; is it a native property or do I have to create it?

And second, how do I set the TTL that you have suggested?

My understanding is: a periodic rule engine trigger (let's say every 1 min) will test a specific web site, and if the HTTP response code is 500/502, the rule will set PDSTORAGE.NEXTHOP = True; if the response code is NOT 500/502, then it will reset PDSTORAGE.NEXTHOP = False. The incoming client requests in between the rule engine runs (during the 1 min) will hit the rule that enables the next hop proxy only if PDSTORAGE.NEXTHOP = True.
Is this correct?
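
The flag-with-TTL design discussed in this thread, modelled in Python as an added example (it is not Web Gateway rule syntax and not code from either poster): a health probe sets or clears a failover flag, and client requests only read the flag. `TtlStore`, `FailoverRouter`, the proxy names and the event timeline are constructed for illustration; only the 500/502 codes, the `UserDefined.FailoverEvent` name and the 5 min TTL come from the posts.

```python
import time

FAILOVER_CODES = {500, 502}          # response codes named in the thread
FLAG = "UserDefined.FailoverEvent"   # property name from the reply, used here as a key


class TtlStore:
    """Minimal key/value store whose entries expire; a stand-in for PD storage."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._data = {}              # key -> (value, expiry timestamp)

    def put(self, key, value, ttl):
        self._data[key] = (value, self._clock() + ttl)

    def get(self, key, default=None):
        entry = self._data.get(key)
        if entry is None or self._clock() >= entry[1]:
            self._data.pop(key, None)    # an expired entry behaves as absent
            return default
        return entry[0]


class FailoverRouter:
    def __init__(self, store, primary, backup, ttl=300):
        self.store, self.primary, self.backup, self.ttl = store, primary, backup, ttl

    def record_probe(self, status_code):
        """Health test result: set the flag on 500/502, clear it on anything else."""
        self.store.put(FLAG, status_code in FAILOVER_CODES, self.ttl)

    def next_hop(self):
        """Per client request: consult the flag only, never probe the primary."""
        return self.backup if self.store.get(FLAG, False) else self.primary


def simulate(events, ttl=300):
    """events: (seconds, probe_status or None) pairs; returns the hop chosen at each."""
    now = [0.0]                      # fake clock so the timeline is deterministic
    router = FailoverRouter(TtlStore(clock=lambda: now[0]),
                            "primary-proxy", "backup-proxy", ttl)   # constructed names
    hops = []
    for t, status in events:
        now[0] = t
        if status is not None:
            router.record_probe(status)
        hops.append(router.next_hop())
    return hops
```

If probes stop arriving, the flag expires after the TTL and traffic returns to the primary next hop, so the TTL should be longer than the probe interval.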
