Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
375
Views
0
Helpful
2
Replies

N2H2 Filtering Failover/failback

pkpatel
Level 1
Level 1

‎02-23-2009 11:36 AM - edited ‎03-04-2019 03:41 AM

Hello,

Is there a way to have preempt primary N2H2 filtering server. I am trying ot have primary and secondary, but need to have primary in preempt mode so filtering fails back to primary once it is restored.

Thanks,

Paresh.

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-23-2009 12:36 PM

Hello Paresh,

firewalls and routers point to the N2H2 using an URL

N2H2 IFP (Server) Requirement

To enable this feature, you must have at least one N2H2 server; however, two or more N2H2 servers are preferred. Although there is no limit to the number of N2H2 servers you may have, and you can configure as many servers as you wish, only one server will be active at any given time-the primary server. URL lookup requests will be sent only to the primary server.

so the question becomes who can control the URL to ip address resolution and the healthy of the real servers

But looking at configuration for routers we see

ip urlfilter server vendor {websense | n2h2} ip-address [port port-number] [timeout seconds] [retransmit number]

I don't see a priority option that could imply the possibility to configure multiple entries.

if multiple commands could be given (may be the order of preference is the first in configuration)

the router/FW itself can test the availability of primary and secondary server.

see

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_fwall_n2h2_supp_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1027171

But probably you have already tested these options

Hope to help

Giuseppe

0 Helpful

pkpatel
Level 1
Level 1
In response to Giuseppe Larosa

‎02-23-2009 01:05 PM

Thanks, Guiseppe!

Unfortunately, preempt option or preference/priority is not available in any IOS at this time. If primary fails and secondary takes over, it will continue to provide filtering even after primary comes back. The only option right now is to manually remove secondary, this will force original primary to take over, and then add secondary again.

Paresh.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card