Use Multiple Edge SWG Devices to Provide Failover in an IPv6 Environment
search cancel

Use Multiple Edge SWG Devices to Provide Failover in an IPv6 Environment

book

Article ID: 167080

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Deploying the Edge SWG either in parallel or serial failover mode.

Environment

The Edge SWG failover works the same in IPv6 environment as it is in the IPv4 environment. User can have one virtual IPv6 address to be used for failover.

Resolution

Deployment

  1. Configure Edge SWG to have both IPv4 and IPv6 connectivity. See Deploy Edge SWG as an IPv6 Transitional Device 

  2. Create an IPv6 virtual address. This is the address that the clients will be connecting to, and is the name of the failover group:
    #(config)virtual-ip address <virtul-ipv6-address>
     
  3. Configure failover on all the Edge SWGs participating in the failover group:
    #(config)failover
    #(config failover)create <virtual-ipv6-address>
    #(config failover <virtual-ipv6-address>)
     
  4.  Edge SWG failover group will automatically pick a master Edge SWG, using the numerically highest local IP address as the default master. It is also possible to force one of the Edge SWG to be the master:
    #(config failover <virtual-ipv6-address>)master

    This automatically puts this Edge SWG to have the highest failover priority.
  5.  It is also possible to create a shared secret between the failover Edge SWGs. The secret can be set using the following command:
    #(config failover <virtual-ipv6-address>) secret <key>
     
  6. If the users are connecting to the Edge SWG explicitly using the virtual IP address, the configuration is complete at this point.  However, if the users are connected to the Internet transparently, the system administrator needs to  configure the bridge:
    #(config)bridge
    #(config bridge)edit <bridge-name>
    #(config bridge <bridge-name>)    failover mode serial|parallel

    The mode should correspond to the network scenario. If the Edge SWGs are deployed in serial mode, setting the bridge in serial mode will result in the packet being forwarded when the Edge SWG is in standby mode.  By setting it in parallel mode, the bridge will drop the packet when the Edge SWG is in standby.
  7. Register this bridge with the failover group created in the previous step:
    #(config bridge <bridge-name>)failover group <virtual-ipv6-address>

Network Diagram

Powered by Wolken Software