cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 4

Proxy HA and load balancing.

Jump to solution

Hello All.

we have a cluster of two appliances . we used to use the DNS to balance the load between them.

now we upgraded the appliances software to 7.4.2 and configured them in Proxy HA mode.

we have tested the HA  and it works properly, but without load balancing.

first node ip address: X.X.X.30/24 (director)

second node ip address X.X.X.31/24

the virtual ip address X.X.X.32/24

How to configure the load balancing between the two appliances with HA?

another question please, when any user changes the proxy settings from x.x.x.32 (VIP) to x.x.x.30 or .31 he still able to access  the internet. is there any way on MWG to prevent any computer from accessing  the internet using .30 or .31 as a proxy server ?

Regards,

Anas

1 Solution

Accepted Solutions
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 4

Re: Proxy HA and load balancing.

Jump to solution

I am suggesting you to follow this:

Load-balance configuration:

A.jpg

end users use 192.168.180.127:8080 as explicit proxy, 192.168.180.127 is 'Director VIP'.

director (active):192.168.180.135

director (passive):192.168.180.137

scanning node: 192.168.180.138

Master Director:

B.png   C.png

Backup Director:

D.png   E.png

Scanning only node:

F.png  G.png



Note:  Here you can see the best practice with attached file which you can use in both Proxy or Transparent Mode.


Good Luck.

View solution in original post

3 Replies
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Proxy HA and load balancing.

Jump to solution

Hello,

if the load is not shared across the node it might be a reason that you have not configured the "Port Redirects" in the Configuration -> Proxies tab, right below the Proxy HA settings. Only ports listed here are picked up by the network driver and are shared between the nodes.

Also please note that "Source IP" is the criteria used for sharing the load, so if all requests come from a single IP address (NAT, downstream proxy, etc) load sharing can't be applied.

Restricting access to the VIP only could be done with a firewall sitting between clients and MWG. On MWG itself it is required that the proxy port is opened as otherwise the cluster health check fails which causes nodes to be marked as "offline".

Best,

Andre

Former Member
Not applicable
Report Inappropriate Content
Message 3 of 4

Re: Proxy HA and load balancing.

Jump to solution

I am suggesting you to follow this:

Load-balance configuration:

A.jpg

end users use 192.168.180.127:8080 as explicit proxy, 192.168.180.127 is 'Director VIP'.

director (active):192.168.180.135

director (passive):192.168.180.137

scanning node: 192.168.180.138

Master Director:

B.png   C.png

Backup Director:

D.png   E.png

Scanning only node:

F.png  G.png



Note:  Here you can see the best practice with attached file which you can use in both Proxy or Transparent Mode.


Good Luck.

View solution in original post

Former Member
Not applicable
Report Inappropriate Content
Message 4 of 4

Re: Proxy HA and load balancing.

Jump to solution

Many Thanks asabban & M. BM.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community