Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4415
Views
0
Helpful
5
Replies

Ironport Web Security Appliace in Redundancy

anil.gupta3
Level 1
Level 1

‎08-22-2011 07:48 AM

Hi,

I have Two Ironport Web Security Appliance(S160) and want to configure in Active standby mode setup..

As per cisco document, Clustering or Activie-standby mode is not possible with Ironport WSA..

Both the device will be working as Active-Active mode...

Now, I have configured end user with One WSA server IP addrees as proxy server ..web traffic is working..

now, whenever first WSA appliace goes down, i have to change my proxy IP address with Second WSA IP address... This is very annoying and painfull job to change the IP Address...

can i get any document where i don;t have to change proxy server ip address of end user and automatic failover of WSA IP address happen in the end user Proxy setting without manual interruption.

or any things with WSA appliance setting for active standby mode configuration?

Regards,

Anil

Labels:
0 Helpful
5 Replies 5

edadios
Cisco Employee
Cisco Employee

‎08-23-2011 12:11 AM

If you have an ASA a router or a switch, you can do WCCP with the WSA.

More information on the WSA on line documentation help.

Regards,

Eric

0 Helpful

anil.gupta3
Level 1
Level 1
In response to edadios

‎08-23-2011 12:21 AM

hi,

I have this WSA server in DMZ zone behind juniper firewall...

can PAC (Proxy Auto-Configure) configuration for end user will solve my problem??

Regards,

Anil

0 Helpful

edadios
Cisco Employee
Cisco Employee
In response to anil.gupta3

‎08-23-2011 02:14 AM

Yes, using PAC file is an option.

You can see some example of pac files here:

http://technet.microsoft.com/en-us/library/dd361918.aspx

Otherwise you want to do something like below for redundancy.

return "proxy a.a.a.a:80; proxy b.b.b.b:80";

Regards,

Eric

0 Helpful

seokkeun cho
Level 1
Level 1

‎08-31-2011 06:19 PM

if you have L4 switch and pac file config proxy a.a.a.:80t ip on  L4 VIP.

so traffice load blance Good.

regards

cho seok keun

0 Helpful

hallvard.solem
Level 1
Level 1

‎09-03-2011 02:34 PM

For active/standby you must use WCCP.

With pac file you can only load-balance. If one appliance stops working, a lot of users will have some problems.

For load-balancing I use dns, same A-record name for both appliances. If one stops working, i will remove the A-record for that one and everything will work fine for the users. Still a manual job though..

0 Helpful
Customers Also Viewed These Support Documents