Specifications
5.
6.
7.
1.
2.
3.
a.
b.
c.
d.
4.
Create a backup of the existing Barracuda SSL VPN configuration using the page.ADVANCED > Backup
Use the page to verify that no processes are running.ADVANCED > Task Manager
On this page, enter the and click . This is the password shared by all Barracuda SSL VPNCluster Shared Secret Save Changes
appliances in this cluster. It is limited to only ASCII characters.
Adding an Appliance to the Cluster
Any Barracuda SSL VPN appliance that is added to the cluster will have most of its local data (except user data and that specified in Non-Clustere
d Data overwritten with settings extracted from the cluster. The first system (the one identified first in the Add System field) is the source for the
initial settings.
In the field, enter the IP address of a system in the cluster (or, the first system if the cluster has not yet been created). AAdd System
fully-qualified domain name can be entered, but could cause name resolution issues so is not recommended.
Click . The time to complete the join depends on the number of users, domains, and the load on each Barracuda SSL VPNJoin Cluster
appliance. During this time the configuration from the other system will be copied onto this system. The system will restart, and you will
need to login and navigate to this page.
On each system in the cluster, perform the following:
Refresh the page to view the updated status.ADVANCED > Linked Management
Verify that the list contains the IP address of clustered system.Clustered Systems each
Verify that the indicates that each clustered system is up and communicating with this system. The columnConnection Status
displays green for each system that is available and red for each system that cannot be reached. Initially, it may take up to a
minute for the status light to turn green. The field tells how long it takes to send updates to each ofSynchronization Latency
the other systems in the cluster. The value of this field should be 2 seconds or less. If it is greater, configuration changes may not
be propagated correctly.
The column in the Clustered Systems table should usually show all systems in the cluster as being active. If a system is inMode
standby mode, changes to its configuration are not propagated to other systems in the cluster.
(Optional) Distribute the incoming SSL traffic to each Barracuda SSL VPN using a load balancer.
Simple High-Availability
Simple High-Availability (HA) can be used in cases where more than one Barracuda SSL VPN is available to create a failover cluster but a load
balancer is not in use. Only one SSL VPN system will actively process traffic. The other system(s) will act as passive backup(s).
In an HA cluster, a virtual IP address is used to access the SSL VPN service. If the active system becomes unavailable, one of the passive
systems in the cluster will become active and serve requests directed to the virtual IP address. You will use the individual IP addresses of the
systems in the cluster for management. When the originally active SSL VPN appliance becomes available again, it will act as a passive backup.
Creating a High-Availability Cluster
Use the following steps to create a high-availability cluster.
Complete the steps in the task above.Adding an Appliance to the Cluster
In the section, enter the Virtual IP address.Simple High-Availability
On the initially-active system, select the High-Availability Master option.
Setting Non-Proxied Hosts
If the Barracuda SSL VPN systems are using a proxy ( ), then you must also configure non-proxy hosts in theBASIC > IP Configuration
Barracuda SSL VPN appliance interface on port 443. To do this, log onto each Barracuda SSL VPN appliance interface. From the ADVANCED >
page, make sure there is a non-proxied host entry for your IP range that the clustered systems are on (for exampleConfiguration > Proxies
192.168.0.*). Without this setting, data synchronization may not occur and your systems will not be truly clustered.
Non-Clustered Data
The following data is not propagated to each system in the cluster:
IP Address, Subnet Mask, and (on the page).Default Gateway BASIC > IP Configuration
Primary DNS Server and (on the page).Secondary DNS Server BASIC > IP Configuration
Serial number (this will never change).
Hostname (on the .BASIC > IP Configuration page)
All SSL information, including saved certificates (on the page). > SSL CertificateBASIC
Any advanced IP configuration (models 600 and above, on the page).ADVANCED > Advanced IP Configuration
Energize updates do not synchronize across systems in a cluster.