7 Replies Latest reply on Jan 27, 2017 4:06 PM by Jon Scholten

    McAfee Web Gateway Cluster

    alisher

      Hello

      I have MWG1 on virtual machine and MWG2 physical hardware.

      Until this moment I use only MWG1 and all my settings on this device.

      Now I have MWG2 and want to set MWG1 and MWG2 as cluster.

      How can I do this? (step by step)

        • 1. Re: McAfee Web Gateway Cluster
          snoehler

          Hey alisher
          what exactly do you mean with cluster? Do you want your appliances to run in a HA or in a central management?

          • 2. Re: McAfee Web Gateway Cluster
            Jon Scholten

            Hi Alisher,

             

            If we're talking "cluster" in terms of "syncing policy" only, then go to Configuration and click add, then type the other node's IP (see: Web Gateway: Understanding Central Management (Clustering)). The node you add will absorb the policy

            adding a node.png

             

             

            If we're talking "cluster" in terms of "sharing traffic and load", then you'll need to join them as noted above, plus create a proxyHA cluster (or transparent bridge, or transparent router). See Web Gateway: Understanding Proxy HA

             

            Best Regards,

            Jon

            2 of 2 people found this helpful
            • 3. Re: McAfee Web Gateway Cluster
              alisher

              I want to set first MWG as Director node and second MWG as Scanner Node

              • 4. Re: McAfee Web Gateway Cluster
                asabban

                In Proxy HA all members of the HA will be Scanning Nodes. One node acts as a director (failover to other machines possible).

                 

                Jon already posted the right link, including Step-by-Step instructions.

                 

                Best,

                Andre

                1 of 1 people found this helpful
                • 5. Re: McAfee Web Gateway Cluster
                  alisher

                  Ok. Thanks

                  • 6. Re: McAfee Web Gateway Cluster
                    alisher

                    When I add ip second MWG I get log list below:

                     

                    Add Appliance failed:

                    cannot add node because local node has no running listener available - new node would not be able to talk back to this node

                    Stack trace: com.scur.k.shared.exceptions.KClientServerException: Node "564DD729-5C1A-A409-E625-E8416E7F83F3" reports STATUS_ERROR:

                    cannot add node because local node has no running listener available - new node would not be able to talk back to this node

                     

                     

                      at com.scur.k.app.communication.ServerRequest.callServerFunction(ServerRequest.jav a:260)

                      at com.scur.k.app.communication.ServerRequest.callServerFunction(ServerRequest.jav a:233)

                      at com.scur.k.app.communication.ServerRequest.addAppliance(ServerRequest.java:1103 )

                      at com.scur.k.app.appliances.TabApplianceConfigurations$4.doInBackground(TabApplia nceConfigurations.java:570)

                      at com.scur.k.app.appliances.TabApplianceConfigurations$4.doInBackground(TabApplia nceConfigurations.java:564)

                      at javax.swing.SwingWorker$1.call(Unknown Source)

                      at java.util.concurrent.FutureTask.run(Unknown Source)

                      at javax.swing.SwingWorker.run(Unknown Source)

                      at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

                      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

                      at java.lang.Thread.run(Unknown Source)

                    Caused by: com.scur.k.shared.exceptions.KCoordinatorNodeException: Node "564DD729-5C1A-A409-E625-E8416E7F83F3" reports STATUS_ERROR:

                    cannot add node because local node has no running listener available - new node would not be able to talk back to this node

                     

                     

                      at com.scur.k.server.ww.adapter.AdapterUtils.analyzeResponse(AdapterUtils.java:270 )

                      at com.scur.k.server.ww.adapter.AbstractAdapter.fromCoordinator(AbstractAdapter.ja va:81)

                      at com.scur.k.server.ww.adapter.AbstractAdapter.send(AbstractAdapter.java:175)

                      at com.scur.k.server.ww.WwCommunicationManager.addNodeToCluster(WwCommunicationMan ager.java:202)

                      at com.scur.k.server.manager.ApplianceLoader.addAppliance(ApplianceLoader.java:42)

                      at com.scur.k.server.Konfigurator.addAppliance(Konfigurator.java:564)

                      at com.scur.k.server.ServerFunctionHandler.processServerFunction(ServerFunctionHan dler.java:291)

                      at com.scur.k.server.Request.doPost(Request.java:119)

                      at javax.servlet.http.HttpServlet.service(HttpServlet.java:643)

                      at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)

                      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil terChain.java:290)

                      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain .java:206)

                      at com.scur.k.server.filter.AuthenticationFilter.handleNeedsAuthentication(Authent icationFilter.java:116)

                      at com.scur.k.server.filter.AuthenticationFilter.doFilterHttpServet(Authentication Filter.java:81)

                      at com.scur.k.server.filter.AuthenticationFilter.doFilter(AuthenticationFilter.jav a:68)

                      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil terChain.java:235)

                      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain .java:206)

                      at com.scur.k.server.filter.SetHeaderFilter.doFilter(SetHeaderFilter.java:83)

                      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil terChain.java:235)

                      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain .java:206)

                      at com.scur.k.server.filter.SetHeaderFilter.doFilter(SetHeaderFilter.java:83)

                      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFil terChain.java:235)

                      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain .java:206)

                      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java: 233)

                      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java: 191)

                      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

                      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:10 9)

                      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)

                      at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:879 )

                      at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http 11AprProtocol.java:610)

                      at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1777)

                      at java.lang.Thread.run(Thread.java:745)

                     

                     

                    How can I solve this?

                    The license first MWG expired.

                    Ip address first node is 192.168.2.20/24, second node 192.168.64.20/24.

                    • 7. Re: McAfee Web Gateway Cluster
                      Jon Scholten

                      The default listener port for Central Management is 12346. So make sure that each appliance can talk to each other on port 12346 (bidirectional).

                       

                      Also, make sure that the IP configured in Central Management matches the IP of your actual appliance.

                       

                      So... if the IP of MWG1 is x.x.x.1, then the Central Management listener should be x.x.x.1:12346

                      And   if the IP of MWG2 is x.x.x.2, then the Central Management listener should be x.x.x.2:12346

                      And   if the IP of MWG3 is x.x.x.3, then the Central Management listener should be x.x.x.3:12346

                      and so on