3 Replies Latest reply on Feb 27, 2014 9:53 AM by Regis

    What does it look like to use 2 web gateways?


      We are on a single web gateway right now.  We have been experiencing some slowness that may be due to load but perhaps we need to do some config tweaks also.  But aside from that, we feel that we need another gateway in case 1 goes down so we have a fall back.  Our first is the actual physical appliance.  I understand you can also get it in virtual machine form.  So my question is, how would it look?  Can two of them work together in tandem? Would you split traffic across both of them?  We are just curious what our options are.

        • 1. Re: What does it look like to use 2 web gateways?



          You can find a description of Proxy HA in the product guide, Blade Server > Network setup and under Proxies > Proxy HA settings.


          Basically, Proxy HA means you deploy two or more Web Gateway nodes with one virtual IP address (VRRP), to which users are connecting (they only see one). The node holding the virtual address will do load balancing to all available nodes.


          Kind regards,


          • 2. Re: What does it look like to use 2 web gateways?

            Interesting, thank you for your answer.  Looking in those settings, it almost looks like you could do some manual balancing if you wanted?  For instance based on the port that the user is connecting to, is that correct?  The reason I ask is because - we have one physical appliance and I think our second would be virtual and it is possible we may not want to put as much traffic on the virtual appliance.


            Also, what happens if the node holding the virtual IP goes down?

            • 3. Re: What does it look like to use 2 web gateways?

              Another way to do it is to use a web proxy auto config (PAC) file.  PAC files are javascript files that basically return a value for what proxy a client should use.  You can do load balancing and failover with this by, say, telling even ip addresses to favor proxy1 and odd ip's to favor proxy2, and use the opposite one if the primary isn't available.


              It's not perfect, though as not all devices that need to talk to the web are web browsers.  Web browsers support pac's but not all software and applicances do, so you have to specify an ip for a fallback anyway.  



              I'm curious how many people are using proxy HA and how they like it.   The environment I'm in is using 2 boxes with individiual ip's and no VIP, and using PAC's to balance between them, and leveraging the clustered configuration management which works nicely.  It works ... okay, but when one box is down for mtc you do hold your breath for whether someone is using one box specifically.     I'm open to a VIP  if the HA works well.   A running joke is that a curious % of outages (regardless of vendor) are related to HA bugs. 


              That said, we do use a VIP with a pair of email gateways here and that has worked rather nicely.  When one box goes offline, the other box starts managing the VIP, and it just ... works.