What forms of High Availability are certified for use with Symantec Web Gateway (SWG) appliance?
search cancel

What forms of High Availability are certified for use with Symantec Web Gateway (SWG) appliance?

book

Article ID: 152444

calendar_today

Updated On:

Products

Web Gateway

Issue/Introduction

What forms of High Availability are certified for use with Symantec Web Gateway (SWG) appliance?

Resolution


While, as of version 5.2.2, SWG has no built-in HA (High Availability) or Load Balancing feature, Symantec Web Gateway it is currently certified with the following forms of High Availability:

  • A pair of SWG appliances may be deployed in conjunction with a pair of firewalls, with the firewalls in either active-active or active-passive failover modes. See Table 2-5 and Figure 2-5 within the Symantec Web Gateway 4.5 Implementation Guide.



In addition, Symantec Web Gateway has been tested with the following forms of High Availability with no issues observed:

  • A pair of SWG appliances may be deployed in conjunction with a pair of web proxies, with the web proxies in either active-active or active-passive failover modes.

 

Load Balancers.

It can rely on 3rd party Link Aggregation or Etherchannel load balancers.

To load balance SWG in inline mode, each host must function independently as a transparent bridge (OSI layer 2) with some requirements and caveats:

  • The traffic passing through must be synchronous. This means that a GET request or sequence of packets going through a specific SWG must continue to flow or stream along that same host.
  • The SWG hosts do not share traffic information to other SWGs on the network. For that reason, SWG only is aware of the traffic going through itself. This may affect some feature's behavior like botnet detection.
  • The traffic to be load-balanced will still be bound to the default gateway's IP address, upstream of the SWG WAN port. Load balancing is not applied to the SWG's inline IP address.




References

The Symantec Web Gateway 5.2 Implementation Guide can be found in the following location:

URL: http://www.symantec.com/docs/DOC7046


Title: IEEE: Standard 802.1AX-2008
URL: http://standards.ieee.org/getieee802/download/802.1AX-2008.pdf

Title: Cisco: How does Link Aggregation work?
URL: https://www.cisco.com/en/US/products/ps9967/products_qanda_item09186a0080a36439.shtml



Technical Information

About sharing configuration and event data
For sharing of configuration and log events, deploy a Central Intelligence Unit to manage multiple SWG appliances.


 

 

 

 

Powered by Wolken Software