ProxySG & Advanced Secure Gateway

Hello Guys.

Need your help to understand the process of following

1) what is the correct way of doing Proxy SG failover Test?  I believe that restarting the primary proxy is the correct way.

Please advice with your comments.

2)Is there any command to execute from primary proxy to failover to secondary ?? if so do we need to execute the same from secondary to switch back to primary. ??   If so What is the command ??

3) Will the entire operation captured under logs ?? can we see there that the primary proxy went off-line and secondary became primary ??

Hi Fernando,

I presume you are referring to failover as having configured failover groups between two proxies, and my answer will be based on that presumption.

I would agree with you that restarting the primary box in a change window would be the way to check. Do keep in mind the configured advertisement interval you put in the settings. If the interval is too long, it is possible the primary box will reboot and be back up before failover occurs. 

You do not need to execute a command to execute failover. The primary box will be sending out advertisements. If the secondary box does not receive the advertisements within the specified interval, it will become primary. Once the primary box is back up again, it will begin to send advertisements again, at which point, once the secondary box receives them, it will become secondary again automatically. 

You will see from the event logs when the status has changed. On the box becoming primary, you would see the below:

"Failover: State changed from 'ELECT' to 'MASTER' for group '<group IP>'

It would similarly be a similar syntax when the box was no longer primary.

I hope that helps

Hello Guys.

Need your help to understand the process of following

1) what is the correct way of doing Proxy SG failover Test?  I believe that restarting the primary proxy is the correct way.

Please advice with your comments.

2)Is there any command to execute from primary proxy to failover to secondary ?? if so do we need to execute the same from secondary to switch back to primary. ??   If so What is the command ??

3) Will the entire operation captured under logs ?? can we see there that the primary proxy went off-line and secondary became primary ??

Hi Fernando,

I presume you are referring to failover as having configured failover groups between two proxies, and my answer will be based on that presumption.

I would agree with you that restarting the primary box in a change window would be the way to check. Do keep in mind the configured advertisement interval you put in the settings. If the interval is too long, it is possible the primary box will reboot and be back up before failover occurs. 

You do not need to execute a command to execute failover. The primary box will be sending out advertisements. If the secondary box does not receive the advertisements within the specified interval, it will become primary. Once the primary box is back up again, it will begin to send advertisements again, at which point, once the secondary box receives them, it will become secondary again automatically. 

You will see from the event logs when the status has changed. On the box becoming primary, you would see the below:

"Failover: State changed from 'ELECT' to 'MASTER' for group '<group IP>'

It would similarly be a similar syntax when the box was no longer primary.

I hope that helps

Hello Guys.

Need your help to understand the process of following

1) what is the correct way of doing Proxy SG failover Test?  I believe that restarting the primary proxy is the correct way.

Please advice with your comments.

2)Is there any command to execute from primary proxy to failover to secondary ?? if so do we need to execute the same from secondary to switch back to primary. ??   If so What is the command ??

3) Will the entire operation captured under logs ?? can we see there that the primary proxy went off-line and secondary became primary ??

Hello Guys.

Need your help to understand the process of following

1) what is the correct way of doing Proxy SG failover Test?  I believe that restarting the primary proxy is the correct way.

Please advice with your comments.

2)Is there any command to execute from primary proxy to failover to secondary ?? if so do we need to execute the same from secondary to switch back to primary. ??   If so What is the command ??

3) Will the entire operation captured under logs ?? can we see there that the primary proxy went off-line and secondary became primary ??

Hello Fernando,

You can also change a priority for one of nodes, in that way that current master node will become a slave

Look at this:  How to setup multiple ProxySGs to provide failover for redudancy (broadcom.com)

I prefere this way beacouse I don't need to hurry up during reboot master node

To check if node changed its role from master to slave You can ping VIP IP address, and check arp table on same network as proxy before and after role swich. Same IP addres shoud have different MAC address.

I hope that info would be usefull for You

Hello Guys.

Need your help to understand the process of following

1) what is the correct way of doing Proxy SG failover Test?  I believe that restarting the primary proxy is the correct way.

Please advice with your comments.

2)Is there any command to execute from primary proxy to failover to secondary ?? if so do we need to execute the same from secondary to switch back to primary. ??   If so What is the command ??

3) Will the entire operation captured under logs ?? can we see there that the primary proxy went off-line and secondary became primary ??

Hello Fernando,

You can also change a priority for one of nodes, in that way that current master node will become a slave

Look at this:  How to setup multiple ProxySGs to provide failover for redudancy (broadcom.com)

I prefere this way beacouse I don't need to hurry up during reboot master node

To check if node changed its role from master to slave You can ping VIP IP address, and check arp table on same network as proxy before and after role swich. Same IP addres shoud have different MAC address.

I hope that info would be usefull for You

Hello Guys.

Need your help to understand the process of following

1) what is the correct way of doing Proxy SG failover Test?  I believe that restarting the primary proxy is the correct way.

Please advice with your comments.

2)Is there any command to execute from primary proxy to failover to secondary ?? if so do we need to execute the same from secondary to switch back to primary. ??   If so What is the command ??

3) Will the entire operation captured under logs ?? can we see there that the primary proxy went off-line and secondary became primary ??