Failover Configuration Operation and Troubleshooting

Article ID: 170518

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

Set up, verify, and troubleshoot failover.

Resolution

ProxySG supports redundancy/failover configuration using the SG Redundancy Protocol (SGRP), which is a derivative of the Virtual Router Redundancy Protocol (VRRP). To learn more about the basics of failover configuration on the ProxySG, please refer to the following documents:

Implementing Failover Services

Can the built-in ProxySG failover feature redirect traffic from one network segment to another if a switch/firewall fails?

How to setup multiple ProxySGs to provide failover for redundancy

SGRP does not support load balancing between the members of the same failover group. Only an Active/Standby scenario is supported. However, multiple failover groups can be configured to achieve an Active/Active configuration. This also requires some supporting configuration via DNS or via the PAC file to achieve true balancing of the network load. To learn more about this configuration, please review the following document:

Implement Active/Active explicit proxy with high availability

Setting up a failover group between two Proxy SGs that are different models is not a recommended configuration.  Please see the following document to learn more:

Can a failover environment be setup using different ProxySG appliance models?

When configuring failover, customers often run into problems with the multicast addresses used. Some multicast-aware switches expect to see traffic at lower-numbered multicast addresses rather than higher-numbered ones. The recommendation is to configure an address in the 224.0.0.0/24 range to avoid these kinds of issues. The following documentation uses 224.1.2.3 as an example, but I would still recommend configuring the address in the previously mentioned range. See the following document for further information:

When configuring a pair of ProxySGs in fail-over mode, what multicast IP address should be used?

Your failover configuration can be as large and as complex as needed to support the forwarding of traffic in your network. The SG supports the configuration of a large number of failover groups to support this goal. Please review the following document if you would like to learn more:

How many failover groups (SGRP) can I configure on the ProxySG?

Once failover is configured, it is important to have a way to verify the status of the failover group. The ProxySG provides a mechanism for this status monitoring. Please review the following documentation to learn more:

How do I verify failover status of the ProxySG appliance?

The setup and operation of a failover configuration is normally fairly straightforward. As with any network deployment, there can be issues.

When configuring failover, it is recommended that the SGs in each failover group have the master/backup configuration hard coded rather than trying to set specific priority numbers for each device.

Also, the advertisement interval for the hellos sent between the failover pair should be set to 1 second rather than the default of 40 seconds. This allows failover to occur much faster.

Also ensure that IGMP snooping on the switch is turned off, either globally or on the port the SG is connected to, or that some other workaround is applied so that IGMP snooping does not interfere with the operation of failover. Please consult the following documentation for further insights into troubleshooting failover and dealing with common issues:

How do I troubleshoot issues with appliance failover on my ProxySG appliance?

Event log message 'SGRP Admin: can't determine interface IP address, using first ip address'

Proxy SG units are set up in failover group but the units are not seeing each other Multicast traffic

ProxySG High Availability/Failover fails between Proxies located in different networks
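
The recommendations above (multicast address in the 224.0.0.0/24 range, hard-coded master, 1-second advertisement interval) can be applied as in the following SGOS CLI session. This is an added example, not taken from the original article or the linked documents; the group address 192.0.2.10 and the multicast address 224.0.0.200 are constructed values, and the lines starting with "!-" are annotations.

```text
!- Added example. Constructed values: 192.0.2.10 is the failover group
!- (virtual) IP, 224.0.0.200 is the group's multicast address.
!- Replace both with addresses that fit your own network.

!- ---- On the appliance that is to be the master ----
SGOS#(config) failover
SGOS#(config failover) create 192.0.2.10
SGOS#(config failover) edit 192.0.2.10
!- Multicast address inside 224.0.0.0/24, as recommended above
SGOS#(config failover 192.0.2.10) multicast-address 224.0.0.200
!- Advertisement interval of 1 second instead of the 40-second default
SGOS#(config failover 192.0.2.10) interval 1
!- Hard-code this appliance as master; no priority value is set
SGOS#(config failover 192.0.2.10) master
SGOS#(config failover 192.0.2.10) enable
SGOS#(config failover 192.0.2.10) exit

!- ---- On the backup appliance ----
!- Same group address, multicast address and interval; "master" is not set
SGOS#(config) failover
SGOS#(config failover) create 192.0.2.10
SGOS#(config failover) edit 192.0.2.10
SGOS#(config failover 192.0.2.10) multicast-address 224.0.0.200
SGOS#(config failover 192.0.2.10) interval 1
SGOS#(config failover 192.0.2.10) enable
SGOS#(config failover 192.0.2.10) exit

!- ---- On both appliances: review the result ----
SGOS#(config failover) view configuration
SGOS#(config failover) view statistics
```

If the two appliances do not see each other's advertisements after this, check IGMP snooping on the switch ports as described above before changing the failover settings.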

If you have any further questions about any of these topics, please contact support.