
clustering configuration

Hi,
I'm new to Ironport WSA, so I need some information.
Is there any document which describes how to configure two WSAs in failover, redundancy or clustering mode?

I want to know if any of them can be configured on the Web Security Appliance.

Thanks,
Mac

10 Replies

jowolfer
Level 1

Mac,

There are currently no clustering / failover abilities built into the WSA.

Please be aware that if you are using transparent proxy with WCCP, the WCCP protocol inherently utilizes load balancing and failover if a problem happens on any web-cache devices within the same service ID.

IE: If you have two WSAs in a single service ID, traffic will be load shared between them and if one WSA fails, all traffic will be routed to the working WSA.

Thanks for your reply,

But I have a little information that we can achieve this using the PAC file hosting facility on the box. Do you have any idea about that?

jowolfer
Level 1

Mac,

It is possible to utilize multiple WSAs by writing a .pac file script.

We cannot assist in writing, modifying, or maintaining .pac file code, but I have a pac file example that may help.

This is for load balancing between 2 proxies:

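------------------------------------------
// Called by the browser for every request; returns the proxy to use.
function FindProxyForURL(url, host) {
  // Split traffic in two based on the hash of the URL
  switch (URLHash(url) % 2) {
    case 1: return "PROXY wsa.proxy1:3128";
    default: return "PROXY wsa.proxy2:3128";
  }
}

// Simple hash: the length of the server name in the URL
// (or the length of the whole URL if no server name is found)
function URLHash(url) {
  var server_name = url.split("/")[2];
  if (!server_name) { return url.length; }
  return server_name.length;
}
------------------------------------------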

RBC____CS
Level 1

What about an example for failover via pac file?

I have looked at using

return "PROXY ironport:8080; PROXY otherproxy:8080";
but I am not clear if traffic will push over to otherproxy randomly or only if ironport1 is not available or times out.

Any thoughts or suggestions?

jowolfer
Level 1

The following can be used for a simple failover:

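function FindProxyForURL(url, host) {
  // Entries are tried from left to right; DIRECT (no proxy) is the last resort.
  // The return value must be a single string literal on one line.
  return "PROXY ironport:8080; PROXY otherproxy:8080; DIRECT";
}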
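
An added example, not part of the original posts or any vendor code: one PAC file that combines the load-balancing and failover answers above by hashing the host to choose the first proxy and listing the other as the fallback, so every request to a given host tries the same proxy first. It goes beyond the thread in hashing the characters of the host rather than its length; the `FAIL_OPEN` switch and the `hostHash` and `buildProxyList` helpers are assumptions of this example, and `DIRECT` is off by default because it lets clients bypass the WSA when both proxies are down.

```javascript
// Added example. Proxy names and ports are the ones used in the thread.
var PROXIES = ["PROXY wsa.proxy1:3128", "PROXY wsa.proxy2:3128"];

// Assumption of this example: fail closed. Set to true to append DIRECT,
// which sends traffic around the WSA when no proxy answers.
var FAIL_OPEN = false;

// Deterministic character hash (djb2 style), kept in unsigned 32-bit range,
// so a given host always maps to the same starting proxy.
function hostHash(host) {
  var h = 5381;
  var s = String(host).toLowerCase();
  for (var i = 0; i < s.length; i++) {
    h = ((h * 33) ^ s.charCodeAt(i)) >>> 0;
  }
  return h;
}

// Rotate the proxy list so the hashed choice comes first and the remaining
// proxies follow as failover targets, in order.
function buildProxyList(host, proxies, failOpen) {
  var start = hostHash(host) % proxies.length;
  var ordered = [];
  for (var i = 0; i < proxies.length; i++) {
    ordered.push(proxies[(start + i) % proxies.length]);
  }
  if (failOpen) { ordered.push("DIRECT"); }
  return ordered.join("; ");
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  return buildProxyList(host, PROXIES, FAIL_OPEN);
}
```
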

bartknippenberg
Level 1

Hello Josh,

Are there plans to implement real failover not using WCCP or an external load balancer? Like, for example, VRRP as used by Blue Coat?

Best regards

Bart

jowolfer
Level 1

Bart,

We do have a feature request for this functionality, but I do not have any roadmap information for it.

Enhancement: 38634 Ability to setup WSA as Active-Standby failover in forward proxy mode

I recommend bringing this up with your sales representative as well, so that we can properly log the importance for this feature.

Tim Jackson
Level 1

The failover should only occur if the first proxy is no longer pingable. That's my experience anyway. Also, you might need to host the PAC file on another web server. If you host it on, say, proxy1, and it's the one that goes down, the browser won't know how to get to proxy2. I guess you could host it on both and round-robin the DNS record. Anyone else doing that?

--Tim

Hi Guys.

I found a very interesting article about load balancing between proxies. I did some testing with the script and it works well. The problem is always with HTTPS connections, which are lost in the process of balancing, and management of the workaround is a bit cumbersome.

http://www.isaserver.org/tutorials/Load-Balancing-Web-Proxy-Clients-With-ISA-Server-2004-Standard-Edition-Part1.html

jowolfer
Level 1

Alisson,

Thanks for the link!
