01-17-2009 05:23 AM
hi,
i m new to Ironport WSA so i need some information....
is there any document which can describe how to configure two WSA in failover or redundancy or clustering mode.
i want to know is any of them can be configured on web security appliance.
thanx,
Mac
01-19-2009 05:50 PM
Mac,
There is currently not clustering / failover abilities built into the WSA.
Please be aware that if you are using transparent proxy with WCCP, the WCCP protocol inherently utilizes load balancing and failover if a problem happens on any web-cache devices within the same service ID.
IE: If you have two WSAs in a single service ID, traffic will be load shared between them and if one WSA fails, all traffic will be routed to the working WSA.
02-02-2009 05:58 AM
thanks for your reply,
But i have some little information that we can achive this using PAC file hosting facility on the box. Do you have any idea about that.
02-02-2009 03:53 PM
Mac,
It is possible utilize multiple WSAs by writing a .pac file script.
We cannot assist in writing, modifying, or maintaining .pac file code, but I have a pac file example that may help.
This is for load balancing between 2 proxies:
------------------------------------------
function FindProxyForURL(url,host){
switch(URLHash(url)%2){
case 1: return "PROXY wsa.proxy1:3128";
default: return "PROXY wsa.proxy2:3128";
}
}
function URLHash(url) {
server_name=url.split("/")[2]
if(!server_name) {return url.length;}
return server_name.length;
}
------------------------------------------
02-06-2009 10:00 PM
What about an example for failover via pac file?
I have looked at using
return "PROXY ironport:8080; PROXY otherproxy:8080";but I am not clear if traffic will push over to otherproxy randomly or only if ironport1 is not available or times out.
02-10-2009 04:06 PM
The following can be used for a simple failover:
function FindProxyForURL(url,host) {
return "PROXY ironport:8080;
PROXY otherproxy:8080;
DIRECT";
}
06-16-2009 11:45 AM
Hello josh,
Are there plans to implemented real failover not using wccp or an external loadbalancer? Like for example vrrp as used by bluecoat?
Best regards
Bart
06-16-2009 05:10 PM
Bart,
We do have a feature request for this functionality, but I do not have any roadmap information for it.
Enhancement: 38634 Ability to setup WSA as Active-Standby failover in forward proxy mode
I recommend bringing this up with your sales representative as well, so that we can properly log the importance for this feature.
06-18-2009 05:45 PM
The failover should only occur if the first proxy is no longer pingable. That's my experience anyway. Also, you might need to host the pac file on another webserver. If you host it on say proxy1, and it's the one that goes down, the browser won't know how to get to proxy2. I guess you could host it on both and roundrobin the DNS record. Anyone else doing that?
--Tim
07-30-2009 10:16 PM
Hi Guys.
I found a very interesting article about Load Balance between Proxies. I did some testing with the script and works well. The problem is always with https connections which are lost in the process of balancing, and management of the workaround is a bit cumbersome.
http://www.isaserver.org/tutorials/Load-Balancing-Web-Proxy-Clients-With-ISA-Server-2004-Standard-Edition-Part1.html
07-31-2009 03:25 PM
Alisson,
Thanks for the link!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: