How To Configure High Availability (HA) in Cyberoam


Applicable Version: 10.00 onwards

Overview

High Availability (HA) is a clustering technology used to maintain uninterrupted services in the event of power, hardware or software failures.

Cyberoam appliances can be configured in Active-Active or Active-Passive HA modes. The two appliances, the Primary Appliance and the Auxiliary Appliance, are physically connected over a dedicated HA link port.

In Active-Active mode, both the Primary Appliance and the Auxiliary Appliance process traffic, while the Primary Appliance is in charge of balancing the traffic. Load-balancing decisions are taken by the Primary Appliance. The Auxiliary Appliance can take over only in case of a primary unit failure.

In Active-Passive mode, only the Primary Appliance processes traffic while the Auxiliary Appliance remains in stand-by mode, ready to take over if the Primary Appliance fails.

Note: HA can also be configured when Cyberoam Appliances are deployed in Mixed Mode.

Scenario

Configure HA in Cyberoam.

Prerequisite

- Both the appliances in the HA cluster, i.e. the Primary Appliance and the Auxiliary Appliance, should be of the same model.
- Both the member appliances must be registered.
- Both the appliances must have the same number of interfaces (except Cyberoam XP Appliances in which Flexi Ports are installed in one or both the appliances).
- Both the appliances must have the same firmware version installed.

- The same subscription modules should be enabled on both the appliances.
- Cables to all the monitored ports on both the appliances must be connected.
- It is recommended to connect the dedicated HA link port of both the appliances with a crossover cable.
- On both the appliances, the dedicated HA link port must be a member of the DMZ zone only and must have a unique IP Address.
- Appliance Access over SSH on the DMZ zone should be enabled for both the appliances; refer to Step 1.
- DHCP, PPPoE, WWAN and WLAN configuration must be disabled before HA configuration. See HA Behavior for details.

Configuration

You must be logged on to the Web Admin Console as an administrator with Read-Write permission for the relevant feature(s).

Step 1: Enable SSH

Go to System > Administration > Appliance Access. Under Admin Services, click to enable SSH for the DMZ zone. Enable SSH on the peer appliance similarly.

Step 2: Configure HA (Primary Appliance)

Go to System > HA > HA and configure the HA parameters as shown in the table below.

| Parameter | Value | Description |
|---|---|---|
| HA Configuration Mode | Active-Active | Select HA Configuration mode for cluster. Available Options: Active-Active, Active-Passive |
| Dedicated HA Link Port | PortC | Select the port to be used as dedicated HA link port. HA link port is the port of the Auxiliary Appliance which is to be used for HA. |
| Peer HA link IP | 10.10.2.42 | Specify IP Address configured on the HA link port of the peer appliance. |
| Peer Administration Port | PortA | Specify Administration Port for Auxiliary or Peer Appliance. |
| Peer Administration IP | 172.16.16.100 | Specify Administration IP Address for Auxiliary Appliance. With this IP Address, the Admin Console of Auxiliary Appliance can be accessed. Any user accessing Web Admin Console of Auxiliary Appliance will be logged in with HA Profile and have read-only rights. |
| Select Ports to be monitored | PortA, PortB | Select the ports to be monitored. |

Click Enable HA to complete the settings.

Note: The appliance on which HA is configured becomes the Primary Appliance and the other appliance becomes the Auxiliary Appliance. Once HA is established between the Primary and Auxiliary Appliance, all configuration of the Primary Appliance is synchronized with the Auxiliary Appliance and no additional configuration is required.

Step 3: Verify HA

To check the status of HA, go to the Dashboard and locate the HA Details doclet.

HA status can also be verified from the Cyberoam CLI console by following the steps below:

1. Log on to the Cyberoam CLI Console of the Primary Appliance using administrator credentials.
2. Select option 4. Cyberoam Console from the Main Menu list.
3. Execute the following command at the console prompt:

   console > cyberoam ha show details

HA Behavior

- DHCP, PPPoE, WWAN, WLAN: A High Availability (HA) cluster cannot be configured if any one of the Interfaces is dynamically configured using DHCP and PPPoE protocols, or if WWAN or WLAN is configured.
- Session Failover is not possible for AV Scanned sessions or any other forwarded traffic like ICMP, UDP, multicast and broadcast traffic, traffic passing through the Proxy Subsystem (transparent, direct and parent proxy traffic) and VPN traffic.
- Masqueraded Connections: In case of a manual synchronization event from any of the HA cluster Appliances, all the masqueraded connections will be dropped.
- HA Load balancing: An Active-Active HA cluster does not load-balance VPN sessions, UDP, ICMP, multicast and broadcast sessions and scanned FTP traffic. TCP traffic for the Web Admin Console or Telnet Console and H323 traffic sessions are also not load-balanced between the cluster Appliances.
- HA Load balancing: An Active-Active HA cluster will load balance normal Forwarded TCP Traffic, NATed (both SNAT & Virtual Host) Forwarded TCP Traffic, TCP Traffic passing through the Proxy Subsystem (Transparent Proxy, Direct Proxy and Parent Proxy) and VLAN Traffic.
- HA can be disabled from either Appliance. If disabled from the Primary Appliance, HA will be disabled on both Appliances. If disabled from the Auxiliary Appliance, HA will not be disabled on the Primary Appliance and the Appliance will act as a stand-alone Appliance.
- After disabling HA, the Primary Appliance IP schema will not change.
- After disabling HA for the Auxiliary Appliance, all the ports except the dedicated HA link port and Peer Administration port will be disabled. The Peer HA Link IP will be assigned the IP Address of the Dedicated HA Link Port, while the Peer Administration IP will be assigned the IP Address of the Peer Administration Port.
- If HA is disabled from a stand-alone machine, the IP schema will not change.
- Super Administrator privileges are required to access the Auxiliary Appliance Web Admin Console and therefore it can be accessed by the admin user only. The Live users, DHCP leases and IPSec live connections pages will not be displayed.
- After disabling HA on the Auxiliary Appliance, all the administrative services (HTTP, HTTPS, Telnet, SSH) are allowed for the LAN zone, while for the DMZ zone only HTTPS and SSH are allowed.
- For the Auxiliary Appliance, the Deployment Wizard will not be accessible.
- The dedicated HA link port should be one of the DMZ interfaces only.
- Make sure that the IP Addresses of the HA link ports of the Primary and Auxiliary Appliances are in the same subnet.
- After enabling HA, if a backup without HA configuration is restored, HA will be disabled and the Primary Appliance will be accessible as per the backup configuration, while the Auxiliary Appliance will be accessible with the Auxiliary Admin IP Address.
- In Active-Active mode, mails will be quarantined separately on both the appliances, as SMTP Proxy traffic is load balanced in a round-robin manner. In Active-Passive mode, mails will be quarantined on the Primary Appliance only.
- If Quarantine Digest is configured, both the appliances in the cluster will receive the Quarantine Digest.
- The Administrator can release quarantined mails of all the users from both the appliances.
- A user can release quarantined mails from My Account. My Account displays mails quarantined only on the Primary Appliance. A user can also release them from the Quarantine Digest mailed from the Primary Appliance.
- HA is disabled on executing the Deployment Wizard.

Document Version 1.0 13 September, 2014
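As an added example (not part of the Cyberoam guide and not Cyberoam code), the prerequisites and HA link port requirements listed above can be checked before clicking Enable HA with a small pre-flight script. The inventory format, the `ha_preflight` and `sample_unit` names, and every sample value except the port names and the peer HA link IP 10.10.2.42 are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical inventory format; sample_unit() values are constructed.
DYNAMIC = {"dhcp", "pppoe", "wwan", "wlan"}  # must be disabled before HA

def ha_preflight(primary, auxiliary, ha_port):
    """Return prerequisite violations for an HA pair (empty list = ready)."""
    problems = []
    for key in ("model", "firmware", "modules"):
        if primary[key] != auxiliary[key]:
            problems.append(f"{key} differs between appliances")
    # Interface counts must match unless Flexi Ports are installed (XP models).
    flexi = primary.get("flexi_ports") or auxiliary.get("flexi_ports")
    if not flexi and len(primary["interfaces"]) != len(auxiliary["interfaces"]):
        problems.append("interface count differs between appliances")
    links = []
    for name, unit in (("primary", primary), ("auxiliary", auxiliary)):
        if not unit["registered"]:
            problems.append(f"{name}: appliance is not registered")
        if "DMZ" not in unit["ssh_zones"]:
            problems.append(f"{name}: SSH is not enabled for the DMZ zone")
        for port, cfg in sorted(unit["interfaces"].items()):
            if cfg["mode"] in DYNAMIC:
                problems.append(f"{name}: {port} is configured via {cfg['mode']}")
        link = unit["interfaces"].get(ha_port)
        if link is None:
            problems.append(f"{name}: HA link port {ha_port} not found")
        elif link["zone"] != "DMZ":
            problems.append(f"{name}: {ha_port} is in {link['zone']}, not DMZ")
        else:
            links.append(ipaddress.ip_interface(link["ip"]))
    if len(links) == 2:
        if links[0].ip == links[1].ip:
            problems.append("HA link IP addresses are not unique")
        elif links[0].network != links[1].network:
            problems.append("HA link IP addresses are in different subnets")
    return problems

def sample_unit(ha_ip, lan_mode="static"):
    return {"model": "EXAMPLE-MODEL", "firmware": "10.00-example",
            "modules": {"AV", "IPS"}, "registered": True, "ssh_zones": {"DMZ"},
            "interfaces": {
                "PortA": {"zone": "LAN", "mode": lan_mode, "ip": "172.16.16.16/24"},
                "PortB": {"zone": "WAN", "mode": "static", "ip": "203.0.113.10/24"},
                "PortC": {"zone": "DMZ", "mode": "static", "ip": ha_ip}}}

if __name__ == "__main__":
    print(ha_preflight(sample_unit("10.10.2.41/24"), sample_unit("10.10.2.42/24"), "PortC"))
    print(ha_preflight(sample_unit("10.10.2.41/24", "dhcp"), sample_unit("10.10.3.42/24"), "PortC"))
```

An empty list means the pair meets the checked prerequisites; cabling of monitored ports still has to be verified physically.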