I have Two Ironport Web Security Appliance(S160) and want to configure in Active standby mode setup..
As per cisco document, Clustering or Activie-standby mode is not possible with Ironport WSA..
Both the device will be working as Active-Active mode...
Now, I have configured end user with One WSA server IP addrees as proxy server ..web traffic is working..
now, whenever first WSA appliace goes down, i have to change my proxy IP address with Second WSA IP address... This is very annoying and painfull job to change the IP Address...
can i get any document where i don;t have to change proxy server ip address of end user and automatic failover of WSA IP address happen in the end user Proxy setting without manual interruption.
or any things with WSA appliance setting for active standby mode configuration?
I have this WSA server in DMZ zone behind juniper firewall...
can PAC (Proxy Auto-Configure) configuration for end user will solve my problem??
Yes, using PAC file is an option.
You can see some example of pac files here:
Otherwise you want to do something like below for redundancy.
return "proxy a.a.a.a:80; proxy b.b.b.b:80";
For active/standby you must use WCCP.
With pac file you can only load-balance. If one appliance stops working, a lot of users will have some problems.
For load-balancing I use dns, same A-record name for both appliances. If one stops working, i will remove the A-record for that one and everything will work fine for the users. Still a manual job though..