HOW to do HA pair for 2 WSA S170

yao yu jiang · ‎10-10-2012

HELLO:

WE use the WCCP Between the ASA firewall and WSA , my question is

1, do we need HA license for WSA, i assume no, i think we treat them as two standlone box.

2. how to setup HA OF 2 WSA to work with 1 ASA firewal, using the wccp ?

3. in the HA, is the round robin or primary /standby ? is WSA secleted randomly by ASA?

4, what is the Capacitity throughput of singe S170 ?

5, do we need put a load-balancer in front of WSA to achieve the HA, we do not have load-balancer , how can we do a HA aternatively?

THANKS

Ken Stieers · ‎10-10-2012

Hey Jason:

1. No, there's no extra license...

2. & 3 With WCCP, you just config both WSA independently to talk to the ASA, and it will distribute the connections... You do want to make sure that the ACL you build on the ASA filter out the WSA so that you don't get loops:

https://ironport.custhelp.com/app/answers/detail/a_id/1603/kw/wccp

Make sure your on 8.2.1 or higher, the ASA had some WCCP issues previous to that version that made the connection unstable..

4. I don't know...

5. No... though you could... Or if you're using PAC files for explicit mode, the syntax allows for a backup proxy if your primary goes down...

andresmen598 · ‎11-03-2017

Good day,

I would like to know if there is any document showing the step by step to perform load balancing and HA configuration between a WSA and vWSA through WCCP on a Cisco ASA Firewall.

On the other hand I have the doubt when this type of configuration is done as it is done so that when making some configuration change replicate in the two WSA (physical WSA and virtual vWSA).

Thank you in advance for the collaboration and help you give me.