Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
973
Views
0
Helpful
5
Replies

Centralized reporting with clustering

Clement NERI
Level 1
Level 1

‎01-05-2017 07:23 AM

Hello

I have  2 ESA  ( 1 fully configured, and one new ) and one SMA.

1st ESA is fully configured and sends Logs, reports and policy quarantines to the SMA

2nd ESA is brand new with a basic IP configuration for management

Should I create the ESA cluster before configuring the 2nd ESA to send data to the SMA or the order doesn't matter ?

Thanks

Regards

Labels:
0 Helpful
5 Replies 5

Libin Varghese
Cisco Employee
Cisco Employee

‎01-05-2017 07:55 AM

Hi Clement,

The devices would be able to push logs and data to the SMA even if they are not part of a cluster.

However, clustering would be useful in managing configuration changes across the two appliances avoiding you having to go back and forth between the two devices.

Since the first ESA is configured, creating a new cluster using that device and adding the second device to it would copy over all existing ESA configuration for you. 

Regards,

Libin Varghese

0 Helpful

dmccabej
Cisco Employee
Cisco Employee

‎01-05-2017 10:44 AM

Hello,

Unless you plan on using a different configuration on ESA2, I would highly recommend simply adding ESA2 into a cluster so that the configuration can be copied over from ESA1. If you wish, you can also leave them independent and configure ESA2 separately to point/connect to the SMA, but that would require a few more steps.

Should look something like this :

1) Create cluster via ESA1

2) Join ESA2 to cluster

3) Add ESA2 on SMA

4) Complete Policy, Virus and Outbreak quarantine migration for ESA2 on SMA (if needed)

Thanks!

-Dennis M.

0 Helpful

Clement NERI
Level 1
Level 1
In response to dmccabej

‎01-06-2017 03:18 AM

Great

Thank You.

One question : Why do I need to set identical IP interface names on both ESA ?

Does it matter if one ESA has one more IP Interface than the second ESA (to handle one single non redundant MX) ?

0 Helpful

Libin Varghese
Cisco Employee
Cisco Employee
In response to Clement NERI

‎01-06-2017 05:14 AM

Hi Clement,

The interfaces (machine level) would need to have the same names on both ESA's so that they can be selected on the listener which is a cluster level configuration.

It is alright to have more IP interfaces on one ESA compared to the other, however for them to be used on the listener configuration they must share a common name.

Regards

Libin Varghese

0 Helpful

dmccabej
Cisco Employee
Cisco Employee
In response to Clement NERI

‎01-06-2017 02:43 PM

Looks like Libin has provided you with the information you needed. :)

Let us know if you come across any other questions.

Thanks!

-Dennis M.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents