Cisco Cisco Web Security Appliance S170 사용자 가이드

Misconfiguration of failover groups might result in multiple master appliances or other failover 
problems. Diagnose failover problems using the 

testfailovergroup

 subcommand of the CLI 

failoverconfig

 command.

For example:

wsa.wga> failoverconfig

Currently configured failover profiles:

1.      Failover Group ID: 61

        Hostname: failoverV4P1.wga, Virtual IP: 10.4.28.93/28

        Priority: 100, Interval: 3 seconds

        Status: MASTER

Choose the operation you want to perform:

- NEW - Create new failover group.

- EDIT - Modify a failover group.

- DELETE - Remove a failover group.

- PREEMPTIVE - Configure whether failover is preemptive.

- TESTFAILOVERGROUP - Test configured failover profile(s)

[]> testfailovergroup

Failover group ID to test (-1 for all groups):

[]> 61

For deployments on virtual appliances, ensure that you have configured the interface/ virtual switch on 
the hypervisor to use promiscuous mode. 

Also see: 

When a native FTP request is transparently redirected to the FTP Proxy, it contains no hostname 
information for the FTP server, only its IP address. Because of this, some predefined URL categories 
and Web Reputation Filters that have only hostname information will not match native FTP requests, 
even if the requests are destined for those servers. If you wish to block access to these sites, you must 
create custom URL categories for them using their IP addresses.