cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
alisher
Level 8
Report Inappropriate Content
Message 1 of 8

McAfee Web Gateway Cluster

Jump to solution

Hello

I have MWG1 on virtual machine and MWG2 physical hardware.

Until this moment I use only MWG1 and all my settings on this device.

Now I have MWG2 and want to set MWG1 and MWG2 as cluster.

How can I do this? (step by step)

1 Solution

Accepted Solutions
jscholte
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 8

Re: McAfee Web Gateway Cluster

Jump to solution

Hi Alisher,

If we're talking "cluster" in terms of "syncing policy" only, then go to Configuration and click add, then type the other node's IP (see: ). The node you add will absorb the policy

adding a node.png

If we're talking "cluster" in terms of "sharing traffic and load", then you'll need to join them as noted above, plus create a proxyHA cluster (or transparent bridge, or transparent router). See

Best Regards,

Jon

View solution in original post

7 Replies
snoehler
Level 10
Report Inappropriate Content
Message 2 of 8

Re: McAfee Web Gateway Cluster

Jump to solution

Hey
what exactly do you mean with cluster? Do you want your appliances to run in a HA or in a central management?

jscholte
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 8

Re: McAfee Web Gateway Cluster

Jump to solution

Hi Alisher,

If we're talking "cluster" in terms of "syncing policy" only, then go to Configuration and click add, then type the other node's IP (see: ). The node you add will absorb the policy

adding a node.png

If we're talking "cluster" in terms of "sharing traffic and load", then you'll need to join them as noted above, plus create a proxyHA cluster (or transparent bridge, or transparent router). See

Best Regards,

Jon

View solution in original post

alisher
Level 8
Report Inappropriate Content
Message 4 of 8

Re: McAfee Web Gateway Cluster

Jump to solution

I want to set first MWG as Director node and second MWG as Scanner Node

asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: McAfee Web Gateway Cluster

Jump to solution

In Proxy HA all members of the HA will be Scanning Nodes. One node acts as a director (failover to other machines possible).

Jon already posted the right link, including Step-by-Step instructions.

Best,

Andre

alisher
Level 8
Report Inappropriate Content
Message 6 of 8

Re: McAfee Web Gateway Cluster

Jump to solution

Ok. Thanks

alisher
Level 8
Report Inappropriate Content
Message 7 of 8

Re: McAfee Web Gateway Cluster

Jump to solution

When I add ip second MWG I get log list below:

Add Appliance failed:

cannot add node because local node has no running listener available - new node would not be able to talk back to this node

Stack trace: com.scur.k.shared.exceptions.KClientServerException: Node "564DD729-5C1A-A409-E625-E8416E7F83F3" reports STATUS_ERROR:

cannot add node because local node has no running listener available - new node would not be able to talk back to this node

  at com.scur.k.app.communication.ServerRequest.callServerFunction(ServerRequest.java:260)

  at com.scur.k.app.communication.ServerRequest.callServerFunction(ServerRequest.java:233)

  at com.scur.k.app.communication.ServerRequest.addAppliance(ServerRequest.java:1103)

  at com.scur.k.app.appliances.TabApplianceConfigurations$4.doInBackground(TabApplianceConfigurations.java:570)

  at com.scur.k.app.appliances.TabApplianceConfigurations$4.doInBackground(TabApplianceConfigurations.java:564)

  at javax.swing.SwingWorker$1.call(Unknown Source)

  at java.util.concurrent.FutureTask.run(Unknown Source)

  at javax.swing.SwingWorker.run(Unknown Source)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

  at java.lang.Thread.run(Unknown Source)

Caused by: com.scur.k.shared.exceptions.KCoordinatorNodeException: Node "564DD729-5C1A-A409-E625-E8416E7F83F3" reports STATUS_ERROR:

cannot add node because local node has no running listener available - new node would not be able to talk back to this node

  at com.scur.k.server.ww.adapter.AdapterUtils.analyzeResponse(AdapterUtils.java:270)

  at com.scur.k.server.ww.adapter.AbstractAdapter.fromCoordinator(AbstractAdapter.java:81)

  at com.scur.k.server.ww.adapter.AbstractAdapter.send(AbstractAdapter.java:175)

  at com.scur.k.server.ww.WwCommunicationManager.addNodeToCluster(WwCommunicationManager.java:202)

  at com.scur.k.server.manager.ApplianceLoader.addAppliance(ApplianceLoader.java:42)

  at com.scur.k.server.Konfigurator.addAppliance(Konfigurator.java:564)

  at com.scur.k.server.ServerFunctionHandler.processServerFunction(ServerFunctionHandler.java:291)

  at com.scur.k.server.Request.doPost(Request.java:119)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)

  at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)

  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

  at com.scur.k.server.filter.AuthenticationFilter.handleNeedsAuthentication(AuthenticationFilter.java:116)

  at com.scur.k.server.filter.AuthenticationFilter.doFilterHttpServet(AuthenticationFilter.java:81)

  at com.scur.k.server.filter.AuthenticationFilter.doFilter(AuthenticationFilter.java:68)

  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

  at com.scur.k.server.filter.SetHeaderFilter.doFilter(SetHeaderFilter.java:83)

  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

  at com.scur.k.server.filter.SetHeaderFilter.doFilter(SetHeaderFilter.java:83)

  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)

  at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:879)

  at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:610)

  at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1777)

  at java.lang.Thread.run(Thread.java:745)

How can I solve this?

The license first MWG expired.

Ip address first node is 192.168.2.20/24, second node 192.168.64.20/24.

jscholte
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 8 of 8

Re: McAfee Web Gateway Cluster

Jump to solution

The default listener port for Central Management is 12346. So make sure that each appliance can talk to each other on port 12346 (bidirectional).

Also, make sure that the IP configured in Central Management matches the IP of your actual appliance.

So... if the IP of MWG1 is x.x.x.1, then the Central Management listener should be x.x.x.1:12346

And   if the IP of MWG2 is x.x.x.2, then the Central Management listener should be x.x.x.2:12346

And   if the IP of MWG3 is x.x.x.3, then the Central Management listener should be x.x.x.3:12346

and so on

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community