Configure Edge SWG (ProxySG) ICAP servers for high availability (failover)
search cancel

Configure Edge SWG (ProxySG) ICAP servers for high availability (failover)

book

Article ID: 166905

calendar_today

Updated On:

Products

ISG Proxy ProxySG Software - SGOS Content Analysis Software Data Loss Prevention

Issue/Introduction

Edge SWG (ProxySG) can selectively use ICAP servers based on availability.  

Environment

Edge SWG (ProxySG) with ICAP request or response modification servers configured.

ASG (Advanced Secure Gateway) appliances provide internal Content Analysis ICAP services, one for request modification and one for response modification, that cannot be added to an ICAP service group so this does not apply to ASGs.

Resolution

To set up high availability (failover) of ICAP servers, configure an ICAP service group on the Edge SWG (ProxySG) with the ICAP services that you would like to have in a high availability group.

Services within the group must be the same type (that is, they all must be ICAP request modification services or ICAP response modification services).

To create a service group in Legacy Java Management Console: Management Console > Content Analysis > Service Groups

Create a service group and add multiple ICAP services and assign a weight to the service if desired:

To add a new group

  • Click New; the Add List Item dialog appears. 
  • In the Add Service Group field, enter an alphanumeric name. For example, create a group called ICAP_Response.
  • Click OK. 

To add members to a group

  • Highlight the service group name and click Edit; the Edit Service Group dialog appears. 
  • Select existing services:
    • Click New; the "Add Service Group Entry" dialog appears.
    • From the list of existing services, select the ones to add to this group. Hold the Control or Shift key to select multiple services.
    • Click OK to add the selected services to the group. 

Assign weights to services

  • Select a service and click Edit; the Edit Service Group Entry weight dialog appears.
    • In the Entry Weight field, assign a weight value. The valid range is 0-255.
    • Repeat steps a and b for other services, as required.
    • Click OK to close the dialog. 
  • Click OK again to close the Edit Service Group Entry dialog

Click Apply to save all of the changes made.

For more information, check the Admin Guide in ICAP service group section.

When matching an ICAP service group in policy, the Edge SWG sends the ICAP requests to ICAP servers in the service group. The distribution of the request to each service in the group is determined by the weight values.

After creating a service group, an ICAP Request/Response Service object will be available in policy. This configuration is used for load balancing and failover as the Edge SWG will only send connections to available ICAP services.

 

 

Powered by Wolken Software