
How to delete some key in PD Storage Global in scanner node Proxy HA mode?

I have inserted a key and value in PD Storage in Proxy HA mode with a VIP.

When I delete a PD Storage key on node A, within 10 min the PD Storage key is back again.

like:

mwg node A : userA => 192.168.1.10 , userB => 192.168.1.20, userC => 192.168.1.30

mwg node A : userA => 192.168.1.10 , userB => 192.168.1.20, userC => 192.168.1.30

When I deleted the PD Storage key "userA" on MWG node A,

after some time (10 min) MWG node A has userA again.

Can we delete it on both MWG nodes?

McAfee Employee

Re: How to delete some key in PD Storage Global in scanner node Proxy HA mode?

Hello,

Deleting does not work really well. The problem is that every 10 minutes the PD Storage is "synchronized" across the cluster, which means for one key the most recent value will be stored to all MWGs.

If you have the key userA set at 11:00 on MWG Node A and deleted userA on MWG Node B at 11:01, the synchronization sees that userA set at 11:00 is the latest value, and shares that across all nodes.

Deleting on all nodes could theoretically be done with some JavaScript calls, but requires some manual work and additional rules.

Can you share what you want to achieve? Maybe we can think about a suitable workaround.

Andre

Re: How to delete some key in PD Storage Global in scanner node Proxy HA mode?

Hello Asabban,
I want to use PD Storage to keep a user key and IP list value for a policy where 1 user can authenticate with 1 device IP, and delete the user key when I want to disconnect the user. But when I have 2 scanner nodes and I disconnect user1, within 10 min user1 is back in PD Storage again.

Reliable Contributor

Re: How to delete some key in PD Storage Global in scanner node Proxy HA mode?

Hello @Norrawat

To make it work you have to include an appliance hostname or IP in the PDStorage key or disable PDStorage synchronization.

Do not use PDStorage.UserData - it works differently than expected.

Here are three working solutions:

1. Use PDStorage.{Get,Add,Has,Delete}GlobalData with a key <MWG_hostname>_userA of type IP or ListOfIPs (because the same user can be logged on to several devices).

2. Use PDStorage.{Get,Add,Has,Delete}GlobalData with a key <MWG_hostname>_userA of type String "<timestamp>_IP" or "<timestamp>_IP1,IP2,IP3,..." - in this case you include a timestamp of the last auth to be able to use recent information only. You need to extract the timestamp and IP/IPs using a regex (String.ReplaceFirstMatch).

3. Disable PDStorage sync if you don't need to share info cluster-wide.

 

For rule development and testing you can use @feickholt's PD script: https://community.mcafee.com/t5/Web-Gateway/PDs-experiences/m-p/357497/highlight/true#M7472

Re: How to delete some key in PD Storage Global in scanner node Proxy HA mode?

Hello

As I replied to Asabban,
it's my solution. Do you have any idea?

McAfee Employee

Re: How to delete some key in PD Storage Global in scanner node Proxy HA mode?

Hi,

The approach of @fw_mon is correct. It is possible to work around the limitations by adding the hostnames to PD storage keys or manually maintaining expiration dates in a separate key, rather than relying on the key "expiring".

As mentioned, in central management with synchronization of PD Storage data, the key will not reliably expire and vanish.

Andre
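
A toy model of the behaviour described in this thread, as an added example (not McAfee Web Gateway code and not written by any poster here): a sync that keeps the most recently written value per key brings a deleted key back, while overwriting the key with a stale "<timestamp>_IP" value, in the spirit of option 2, survives the sync. The sync model, all function names and the 8-hour MAX_AGE are assumptions; hostname-prefixed keys are not modelled.

```python
# Toy model of the sync described in this thread; not McAfee Web Gateway code.
# All function names and MAX_AGE are hypothetical; a node is a dict key -> (written_at, value).
MAX_AGE = 8 * 3600  # constructed policy: a binding is valid for 8 h after last auth


def add(node, key, value, now):
    node[key] = (now, value)


def delete(node, key, now):
    node.pop(key, None)  # nothing records that a delete happened


def overwrite(node, key, now):
    add(node, key, "0_", now)  # timestamp 0 is always stale and no IP is bound


def sync(nodes):
    """Give every node the most recently written value of every key."""
    merged = {}
    for node in nodes:
        for key, entry in node.items():
            if key not in merged or entry[0] > merged[key][0]:
                merged[key] = entry
    for node in nodes:
        node.clear()
        node.update(merged)


def is_bound(node, user, ip, now):
    """Value is '<timestamp>_IP'; entries older than MAX_AGE are ignored."""
    if user not in node:
        return False
    stamp, _, bound_ip = node[user][1].partition("_")
    return bound_ip == ip and 0 <= now - int(stamp) <= MAX_AGE


def scenario(disconnect, t0=1_700_000_000):
    a, b = {}, {}
    add(a, "userA", f"{t0}_192.168.1.10", t0)  # constructed sample binding
    sync([a, b])                     # both nodes now hold userA
    disconnect(a, "userA", t0 + 60)  # disconnect handled on node A only
    sync([a, b])                     # the next sync, ten minutes later
    return [is_bound(n, "userA", "192.168.1.10", t0 + 600) for n in (a, b)]


if __name__ == "__main__":
    print("delete   :", scenario(delete))     # [True, True]   binding resurrected
    print("overwrite:", scenario(overwrite))  # [False, False] disconnect sticks
```

In this model a rule that authorizes on key presence alone would keep honouring the resurrected binding, which is why the lookup checks the timestamp and IP inside the value.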
