You need to implement Active/Active high availability on explicit Edge SWG.

Note: This article uses Proxy1 and Proxy2 as examples.

To have Active/Active explicit deployment with high availability for Edge SWG appliances, you must balance the load of traffic from the source and then configure failover groups on each proxy.

Step 1: Load-balance the traffic for each Edge SWG

Configure the clients to send an equal amount of traffic to each proxy using one of the following methods:

• Configure a PAC file that allows some clients to send the traffic to Proxy1 and the other clients to send the traffic to Proxy2.
• Configure the proxy name in your DNS that resolves to the two IPs of the proxy.

Step 2: Configure failover groups on each Edge SWG

To have high availability, make sure that each proxy is able to process the traffic of the other proxy when it is down.

Configure two failover groups on each proxy:

• On the first failover group (group1), configure Proxy1 as the master and Proxy2 as the backup.
• On the second failover group (group2), configure Proxy1 as the backup and Proxy2 as the master.

In this example configuration, the following could occur:

• If Proxy1 and Proxy2 are up, both are processing traffic.
• If Proxy1 is down and Proxy2 is up, Proxy2 processes the traffic for failover group1 (for which it becomes master) and group2 (for which it is already master).
• If Proxy2 is down and Proxy1 is up, Proxy1 processes traffic for failover group2 (for which it becomes master) and group1 (for which it is already master).

Example

Implement Active/Active explicit Edge SWG with high availability for two proxies, Proxy1 (IP address 10.10.10.1) and  Proxy2 (IP address 10.10.10.2). 

1. Create a virtual IP (VIP) on Proxy1 with the IP address of Proxy2, which is 10.10.10.2.
2. Create a VIP on Proxy2 with the IP address of Proxy1, which is 10.10.10.1.
3. Create failover group1 with the IP address 10.10.10.1 on Proxy1 as Master and on Proxy2 as Backup.
4. Create failover group2 with the IP 10.10.10.2 on Proxy1 as Backup and on Proxy2 as Master.

Example on how configure the settings.

On the first proxy, create the first failover group - "proxy1".

To configure failover:
1. Select the Configuration > Network > Advanced > Failover tab.
2. Click New. The Add Failover Group dialog displays.

3. Create a group using either a new IP address or an existing IP address. 

4. Configure group options:
    a. Multicast address - Set this to 224.1.2.3
    b. Relative Priority - Checked the "Master" option.
    c. (Optional) Advertisement Interval - Leave the default value.
    d. (Optional, but recommended) Group Secret - Can leave this empty.

5. Select enabled.
6. Click OK to close the dialog.
7. Click Apply.

Still on the first proxy, create the second failover group - "proxy2". You just need to repeat the steps above but set the following settings:

Group IP - A different IP than the one your created above. Eg: 10.9.10.151
Multicast address - Set this to 224.1.2.4
Relative Priority - Leave the default value. The "Master" option should be unchecked.
(Optional) Advertisement Interval - Leave the default value.
(Optional, but recommended) Group Secret - Can leave this empty.

Then on the second proxy, follow the steps above to create the two failover groups.

Follow ALL the settings (same IP, same multicast address) from the first proxy EXCEPT for:

Relative Priority - Leave the default value. The "Master" option should be unchecked.

And on "proxy2" failover group, follow ALL the settings (same IP, same multicast address) EXCEPT for:

Relative Priority - Checked the "Master" option.