cancel
Showing results for 
Search instead for 
Did you mean: 

How to config HA Web Gateway 7.0

Dear,

How many Web gateway appliance can run HA together? can we run HA difference models of WG (Ex: HA ;WW1100E and WG5500)?

Have you got any document about HA for Web Gateway 7?

Thanks

0 Kudos
13 Replies
McAfee Employee

Re: How to config HA Web Gateway 7.0

Hello,

the HA is quite simple.

On all:

1) Set Configuration > Proxies to Proxy HA

2) Set port redirect to http (80,443)

3) Set the management interface to an IP of the appliances which can see all other appliances (this is the heartbeat interface)

On two appliances:

1) add the same VIP for an interface on the same 'side' of the network.

2) on one the the director prio to 99

3) on the 2nd one the the director prio to a lower value such as 90.

HA.jpg

DONE

You will be notified after saving that the box will restart.

After all is finished, run mfend-lb -s on the shell of  director (the one with 99) this will show the subscribed nodes.

best,

Michael

0 Kudos

Re: How to config HA Web Gateway 7.0

Thank for your support,

What's happen when I run HA between 2 model WG difference (ex: WG5500 and WG1100)?

And How many maximum WG appliances we can run HA?

Thanks and Regards,

0 Kudos
McAfee Employee

Re: How to config HA Web Gateway 7.0

There is actually no real limt. The limit is network traffic. If the boxes are connected vi 1G you could simply hook 10 larger appliances together, as they actually can handle 100Mbit each. so 10x100 = 1G.

For the smaller - they can handle more, as they only handle roughly 10M or so, that means you can put 100 of them together (theoretically of course).

The heartbeat we do will avoid overload of boxes generally.

best,

Michael

0 Kudos
smalldog
Level 12

Re: How to config HA Web Gateway 7.0

Hi Michael, I have one question. Is this failover or two appliances running the same time? Any guide for HA Webguide? Thanks!

0 Kudos
McAfee Employee

Re: How to config HA Web Gateway 7.0

Hello,

generally HA is an active/active configuration, that means that bith instance will take traffic and process it. From the two, one appliance will act as a so called director, whereas the other one is backup. The two appliance share a VIP (virtual IP) and decide via VRRP which ones gets traffic. This is steered through the priority setting for HA, the higher one is the primary director, the lower the secondary. Traffic will be balanced between the appliances.

Setup should be described in the Product Guide.

best,

Michael

0 Kudos
chris.lee
Level 7

Re: How to config HA Web Gateway 7.0

Hi Michael, i have an question, how about in transparent router mode. Can it support active active HA as well and how about the policy synchronous?

Thanks!

Chris

0 Kudos
McAfee Employee

Re: How to config HA Web Gateway 7.0

Hi Chris,

yes! Transrouter is also active/active and supports policy synchronisation.

Michael

0 Kudos
chris.lee
Level 7

Re: How to config HA Web Gateway 7.0

Hi Michael,

Good Day, Possible to provide the guide for configure active/active for Transrouter and policy synchronisation? i try to do that but no luck.

Many Thanks!

Regards,

Chris Lee

0 Kudos
smalldog
Level 12

Re: How to config HA Web Gateway 7.0

Hi Michael, i configured Web Gateway in Proxy HA that working well but i check logs on two appliances that just one appliances process web request. Maybe HA web gateway just Active/Passive (not sure)? how to make two appliances load balancing? Thanks!

0 Kudos