cancel
Showing results for 
Search instead for 
Did you mean: 
Troja
Level 14

Secure Web - HA Cluster Configuration

Hi all,

has anyone tried the HA Cluster with MWG 7.x?? I tried several settings and configurations, but it is not working.

Has anyone any hints for me?

cheers, Thorsten

0 Kudos
13 Replies
puliyadim
Level 7

Re: Secure Web - HA Cluster Configuration

I am using 7.x on HA cluster (2 units) and I do not have any issues. May I know in what mode have you deployed the proxy?

Dinesh

0 Kudos
Troja
Level 14

Re: Secure Web - HA Cluster Configuration

Are you able to ping the virtual IP-Adress when one Clusternode will be rebooted?

cheers, Thorsten

0 Kudos
puliyadim
Level 7

Re: Secure Web - HA Cluster Configuration

Yes, I am able to ping.

I have deployed in an explicit proxy mode and so far I have tried all the possibilities on HA, the response seems to be good.

0 Kudos
Troja
Level 14

Re: Secure Web - HA Cluster Configuration

Is it possible to get more Infos regarding the HA Configuration??

- RouterID

- VIPSs

My problem is, i´m not able to ping the virtual IP when one cluster node is down.

0 Kudos
puliyadim
Level 7

Re: Secure Web - HA Cluster Configuration

Not sure abt router ID, but as for the rest it is as below for my scenario

For ex:

MWG-1 - Physical IP - 1.1.1.1

MWG-2 - Physical IP - 1.1.1.2

VIP - This should be in the same IP subnet as the physical IP - 1.1.1.20

VIP Interface - leave it as default, which is eth2, this port is where I have used to connect to LAN

Director priority-The node with higher priority will be the active node for HA, whereas the other is in passive mode.

0 Kudos
McAfee Employee

Re: Secure Web - HA Cluster Configuration

Hello,

or clustering aka HA, MWG is using VRRP to route traffic between the two instances. When you are building the cluster, make sure that the Director priority is actually set on both nodes, otherwise they won't cluster correctly. On the command line execute "mfend-lb -s" on both and post the status output here. This should help figuring if you have an issue with clustering in general.

best,

Michael

0 Kudos
Troja
Level 14

Re: Secure Web - HA Cluster Configuration

Hi Mark,

this is the output:

root@ww7proxy1 ~]# mfend-lb -s
     device: ww7proxy1
statechange:
         ip: 10.1.1.226
        ip6: fe80::250:56ff:fea4:4c59
  protocols: 00000001
        mac: 005056a44c59
      state: NETWORK
      stats: 0 0 67 0 0
statusvalid: 1
       type: director

     device: __SELF__
statechange:
         ip: 0.0.0.0
        ip6: ::
  protocols: 00000001
        mac: 005056a44c59
      state: OK
      stats: 0 0 67 0 0
statusvalid: 1
       type: scanning

     device: ww7proxy2
statechange: 1283506608 (Fri Sep  3 11:36:48 2010)
         ip: 10.1.1.227
        ip6: ::
  protocols: 00000001
        mac: 005056a40491
      state: REDUNDANT
      stats: 0 0 0 0 0
statusvalid: 1
       type: redundant

     device: ww7proxy2
statechange: 1283506608 (Fri Sep  3 11:36:48 2010)
         ip: 10.1.1.227
        ip6: ::
  protocols: 00000001
        mac: 005056a40491
      state: OK
      stats: 0 0 0 0 0
statusvalid: 1
       type: scanning

If ww7proxy1 is rebooted, ww7proxy2 takes ofer the virtual IP. This works fine. But, i´m not able to define the configuration into the other way. ww7proxy1 should also overtake the virtual IP from ww7proxy2.

cheers,

Thorsten

0 Kudos
McAfee Employee

Re: Secure Web - HA Cluster Configuration

Hi Thorsten,

can you do the same on the 2nd proxy, please?

thanks,

Michael

0 Kudos
Troja
Level 14

Re: Secure Web - HA Cluster Configuration

Here you are. Btw, i´m also not able to ping the VIP on the second proxy. :-|

ast login: Fri Sep  3 09:47:47 2010
[root@ww7proxy2 ~]# mfend-lb -s
     device: ww7proxy2
statechange:
         ip: 10.1.1.227
        ip6: ::
  protocols: 00000001
        mac: 005056a40491
      state: REDUNDANT
statusvalid: 1
       type: redundant

     device: __SELF__
statechange:
         ip: 0.0.0.0
        ip6: ::
  protocols: 00000001
        mac: 005056a40491
      state: OK
      stats: 0 0 27 0 0
statusvalid: 1
       type: scanning

     device: ww7proxy1
statechange: 1283506617 (Fri Sep  3 11:36:57 2010)
         ip: 10.1.1.226
        ip6: fe80::250:56ff:fea4:4c59
  protocols: 00000001
        mac: 005056a44c59
      state: NETWORK
      stats: 0 -6 0 0 0
statusvalid: 1
       type: director

0 Kudos