2 Replies Latest reply on Nov 3, 2015 2:06 AM by fire_fox

    Proxy HA and internet load balancing

    wajeeh_r

      Dear All,

       

      We have two MWG's we setup a HA proxy between them. This gives us hardware HA but consider a case, we have two internet sources:

       

      - MWG1 (connected to internet source1)

      - MWG2 (connected to internet source2)

       

      now MWG1 is director node and MWG2 is scanning node, if internet link on MWG1 goes down, what will happen to user requests which MWG1 is receiving ? Will MWG1 direct all requests to MWG2 since internet link for MWG1 is down ? OR nothing will happen because hardware itself is UP.

       

      Is it possible to connect two internet sources to One MWG ? like if one internet link goes down MWG uses second internet link to process requests ? Is this possible in web gateway ?

       

      Can any one clarify this confusions.

       

      Regards,

        • 1. Re: Proxy HA and internet load balancing
          Troja

          Hi,

          if using the HA Cluster functionality is quite fine and fast. We tested this with customer. Normally the user does not see any interruption. During testing also HTTPS sessions were not broken. Finally, if there is one MWG alive the virtual IP is available and internet access for the user is possible.

           

          Two internet sources:

          You are using MWG as a proxy? Therefore MWG will always connect to the configured default gateway.

          Based on you network topology (two internet links), traffic is routed over internet link 1 or internet link 2.

           

          Hope this helps,

          Cheers

          • 2. Re: Proxy HA and internet load balancing
            fire_fox

            Hi,

             

            I have the same question as wajeeh_r.

            I set 2 virtual mwg 7.5 in proxy HA setup on the same subnet. They have different default gateways (internet sources).

             

            So basically I have the same setup (for testing):

            - MWG1 (connected to internet source1) - 10.x.x.9 - Priority 51

            - MWG2 (connected to internet source2) - 10.x.x.10 - Priority 49

             

            Virtual IP is set to 10.x.x.8 (client test machine proxy is pointed to this address).

             

            When both internet links are up, client goes to the internet over the internet source 1.

            I tried to disable internet source 1 (by killing the gw interface on the cisco asa) and after that it's not possible to access the internet.

             

            After a timeout period, I get an error message:

            "The proxy could not connect to the destination in time".

             

            It takes really long time before mwg switches to internet source 2 (or I have to do it by adjusting the priority slider to boost internet source 2 priority).

             

            I configured HA based on mwg product guide and best practices:

            Best Practices: Proxy HA

             

            Is this a normal behavior or I have to set things up differently?

             

            Best Regards,

            Igor