How to forward requests to another Proxy based on ISP link health check in ProxySG

book

Article ID: 168909

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Customer is having 2 ProxySG which are having their respective ISP links. Customer wants to perform an automatic forwarding of all the connections to the other proxy, in case of an ISP link failure. The example setup used for this article is below
Network Setup

Resolution

Software Configuration
 
Create Custom Health Check with ICMP. Use the IP address of the other side IP of the respective ISP links. In this example, we are using the IP address of 100.0.0.2 and 200.0.0.2 for creating custom health checks.
  1. Navigate to Web Console > Configuration [Tab]> Health Checks > General and click New
  2. In the new window, give a name to identify the health check.
  3. Change Type of test: to ICMP
  4. Under Host: give the IP address 100.0.0.2
  5. Click OK and then Apply to save the changes
Perform the same steps to create a health check for 200.0.0.2

Health Check

Above health checks are to be created in ProxySG-2 also following same naming to avoid confusion.

Now create Forwarding Hosts of with other ProxySG’s IP information.
  1. Login to ProxySG-1
  2. Navigate to Web Console > Configuration [Tab]> Forwarding Hosts and click New
  3. Fill information about the other ProxySG device
  4. Click OK and then Apply to save the changes
Perform the same steps in ProxySG-2 by using the information of ProxySG-1

Policy
  1. Now launch VPM and Add a new Forwarding Layer
  2. Right click on Service field and select Set..
  3. Click New… and select Combined Service Object
  4. Provide a Name for easy reference (Example uses “ISP2FWD”)
  5. Click New… and select Health Status
  6. Select Health Check Name: as "user.isp1" and select Health Status as Sick
  7. Click OK and click Add>> to add it to the Top box on the right side
  8. Now click New… again and select Health Status
  9. Select Health Check Name: as “user.isp2” and select Health Status as Healthy
  10. Click OK and click Add>> to add this to the bottom box on the right side
FWD Layer
  1. Click OK and OK.
  2. Now right click on the Action field and select Set…
  3. Click New… > Select Forwarding…
  4. Name it appropriate
  5. Select ProxySG2 and click Add>> to move it to the right side
FWD Action
  1. Click OK and OK
  2. Click Add rule to add a default “Send Direct” rule as given below
Policy
  1. Install the Policy
Perform the same steps in ProxySG2 with respective objects. Screenshots below

FWD Layer 2

FWD Action 2

Policy 2

The same forwarding rule can be done via advanced CPL and is given below
 
In ProxySG-1
 
<Forward>
"is_healthy.user.isp1"=no "is_healthy.user.isp2"=yes forward("ProxySG2") forward.fail_open(no)
socks_gateway(no) forward(no)

 
 
In ProxySG-2
 
<Forward>
"is_healthy.user.isp1"=yes "is_healthy.user.isp2"=no forward("ProxySG1") forward.fail_open(no)
socks_gateway(no) forward(no)

 
 
Note: Reason for creating both ISPs health check in same Proxy is to avoid a forwarding loop in case both ISP links are down.

Attachments