02-23-2009 11:36 AM - edited 03-04-2019 03:41 AM
Hello,
Is there a way to have preempt primary N2H2 filtering server. I am trying ot have primary and secondary, but need to have primary in preempt mode so filtering fails back to primary once it is restored.
Thanks,
Paresh.
02-23-2009 12:36 PM
Hello Paresh,
firewalls and routers point to the N2H2 using an URL
N2H2 IFP (Server) Requirement
To enable this feature, you must have at least one N2H2 server; however, two or more N2H2 servers are preferred. Although there is no limit to the number of N2H2 servers you may have, and you can configure as many servers as you wish, only one server will be active at any given time-the primary server. URL lookup requests will be sent only to the primary server.
so the question becomes who can control the URL to ip address resolution and the healthy of the real servers
But looking at configuration for routers we see
ip urlfilter server vendor {websense | n2h2} ip-address [port port-number] [timeout seconds] [retransmit number]
I don't see a priority option that could imply the possibility to configure multiple entries.
if multiple commands could be given (may be the order of preference is the first in configuration)
the router/FW itself can test the availability of primary and secondary server.
see
But probably you have already tested these options
Hope to help
Giuseppe
02-23-2009 01:05 PM
Thanks, Guiseppe!
Unfortunately, preempt option or preference/priority is not available in any IOS at this time. If primary fails and secondary takes over, it will continue to provide filtering even after primary comes back. The only option right now is to manually remove secondary, this will force original primary to take over, and then add secondary again.
Paresh.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide