How to forward requests to another Proxy based on ISP link health check in ProxySG
Article ID: 168909
Updated On:
Products
ProxySG Software - SGOS
Issue/Introduction
Customer is having 2 ProxySG which are having their respective ISP links. Customer wants to perform an automatic forwarding of all the connections to the other proxy, in case of an ISP link failure. The example setup used for this article is below
Resolution
Software Configuration
Create Custom Health Check with ICMP. Use the IP address of the other side IP of the respective ISP links. In this example, we are using the IP address of 100.0.0.2 and 200.0.0.2 for creating custom health checks.
Above health checks are to be created in ProxySG-2 also following same naming to avoid confusion.
Now create Forwarding Hosts of with other ProxySG’s IP information.
Policy
The same forwarding rule can be done via advanced CPL and is given below
In ProxySG-1
<Forward>
"is_healthy.user.isp1"=no "is_healthy.user.isp2"=yes forward("ProxySG2") forward.fail_open(no)
socks_gateway(no) forward(no)
In ProxySG-2
<Forward>
"is_healthy.user.isp1"=yes "is_healthy.user.isp2"=no forward("ProxySG1") forward.fail_open(no)
socks_gateway(no) forward(no)
Note: Reason for creating both ISPs health check in same Proxy is to avoid a forwarding loop in case both ISP links are down.
Create Custom Health Check with ICMP. Use the IP address of the other side IP of the respective ISP links. In this example, we are using the IP address of 100.0.0.2 and 200.0.0.2 for creating custom health checks.
- Navigate to Web Console > Configuration [Tab]> Health Checks > General and click New
- In the new window, give a name to identify the health check.
- Change Type of test: to ICMP
- Under Host: give the IP address 100.0.0.2
- Click OK and then Apply to save the changes
Above health checks are to be created in ProxySG-2 also following same naming to avoid confusion.
Now create Forwarding Hosts of with other ProxySG’s IP information.
- Login to ProxySG-1
- Navigate to Web Console > Configuration [Tab]> Forwarding Hosts and click New
- Fill information about the other ProxySG device
- Click OK and then Apply to save the changes
Policy
- Now launch VPM and Add a new Forwarding Layer
- Right click on Service field and select Set..
- Click New… and select Combined Service Object
- Provide a Name for easy reference (Example uses “ISP2FWD”)
- Click New… and select Health Status
- Select Health Check Name: as "user.isp1" and select Health Status as Sick
- Click OK and click Add>> to add it to the Top box on the right side
- Now click New… again and select Health Status
- Select Health Check Name: as “user.isp2” and select Health Status as Healthy
- Click OK and click Add>> to add this to the bottom box on the right side
- Click OK and OK.
- Now right click on the Action field and select Set…
- Click New… > Select Forwarding…
- Name it appropriate
- Select ProxySG2 and click Add>> to move it to the right side
- Click OK and OK
- Click Add rule to add a default “Send Direct” rule as given below
- Install the Policy
The same forwarding rule can be done via advanced CPL and is given below
In ProxySG-1
<Forward>
"is_healthy.user.isp1"=no "is_healthy.user.isp2"=yes forward("ProxySG2") forward.fail_open(no)
socks_gateway(no) forward(no)
In ProxySG-2
<Forward>
"is_healthy.user.isp1"=yes "is_healthy.user.isp2"=no forward("ProxySG1") forward.fail_open(no)
socks_gateway(no) forward(no)
Note: Reason for creating both ISPs health check in same Proxy is to avoid a forwarding loop in case both ISP links are down.
Feedback
Yes
No
Powered by
