Cisco Cisco Web Security Appliance S690 User Guide
2-17
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 2 Connect, Install, and Configure
Configuring Failover Groups for High Availability
Configuring Failover Groups for High Availability
Using the Common Address Redundancy Protocol (CARP), the WSA enables multiple hosts on your
network to share an IP address, providing IP redundancy to ensure high availability of services provided
by those hosts. In CARP there are three states for a host:
network to share an IP address, providing IP redundancy to ensure high availability of services provided
by those hosts. In CARP there are three states for a host:
•
master
•
backup
•
init
Only one master host can exist for each failover group that can provide services. High Availability
functions in Standard and Connector mode.
functions in Standard and Connector mode.
Add Failover Group
Before You Begin
•
Identify a virtual IP address that will be used exclusively for this failover group. Clients will use this
IP address to connect to the failover group in explicit forward proxy mode.
IP address to connect to the failover group in explicit forward proxy mode.
•
Configure all Appliances in the failover group with identical values for the following parameters:
–
Failover Group ID
–
Hostname
–
Virtual IP Address
•
If you are configuring this feature on a virtual appliance, ensure that the virtual switch and the
virtual interfaces specific to each appliance are configured to use promiscuous mode. For more
information, see the documentation for your virtual hypervisor.
virtual interfaces specific to each appliance are configured to use promiscuous mode. For more
information, see the documentation for your virtual hypervisor.
Step 1
Choose Network > High Availability.
Step 2
Click Add Failover Group.
Step 3
Enter a Failover Group ID in the range 1 to 255.
Step 4
(Optional) Enter a Description.
Step 5
Enter the Hostname, for example www.example.com.
Step 6
Enter the Virtual IP Address and Netmask, for example 10.0.0.3/24 (IPv4) or 2001:420:80:1::5/32
(IPv6).
(IPv6).
Step 7
Choose an option from the Interface menu. The Select Interface Automatically option will select the
interface based on the IP address you provided.
interface based on the IP address you provided.
Note
If you do not select the Select Interface Automatically option, you must choose an interface in the same
subnet as the virtual IP address you provided.
subnet as the virtual IP address you provided.
Step 8
Choose the priority. Click Master to set the priority to 255. Alternatively, select Backup and enter a
priority between 1 (lowest) and 254 in the Priority field.
priority between 1 (lowest) and 254 in the Priority field.
Step 9
(Optional). To enable security for the service, select the Enable Security for Service check box and
enter a string of characters that will be used as a shared secret in the Shared Secret and Retype Shared
Secret fields.
enter a string of characters that will be used as a shared secret in the Shared Secret and Retype Shared
Secret fields.