Specifications
Chapter 15: Advanced Administration
253
Configuring CC-SG Clusters
A CC-SG cluster uses two CC-SG nodes, one Primary node and one
Secondary node, for backup security in case of Primary node failure.
Both nodes share common data for active users and active connections,
and all status data is replicated between the two nodes.
Devices in a CC-SG cluster must be aware of the IP of the Primary
CC-SG node in order to be able to notify the Primary node of status
change events. If the Primary node fails, the Secondary node
immediately assumes all Primary node functionality. This requires
initialization of the CC-SG application and user sessions and all existing
sessions originating on the Primary CC-SG node will terminate. The
devices connected to the Primary node will recognize that the Primary
node is not responding and will respond to requests initiated by the
Secondary node.
Requirements for CC-SG Clusters
The Primary and Secondary nodes in a cluster must be running the
same firmware version on the same hardware version (V1 or E1).
Your CC-SG network must be in IP Failover mode to be used for
clustering. Clustering will not work with an IP Isolation mode
configuration. See About Network Setup (on page 239).
Date, time, and time zone settings are not replicated from the
Primary node to the Secondary node. You must configure these
settings in each CC-SG before you create the cluster.
Access a CC-SG Cluster
Once a Cluster is created, users can access the Primary node directly, or
if they point their browser to the Secondary node, they will be redirected.
Redirection does not work for an already downloaded Admin Client
applet, as the web browser needs to be closed and a new session
opened and pointed to the new Primary system.
SSH access to a CC-SG must be to the specific Primary node.
Create a Cluster
You should backup your configuration on both CC-SG units before
creating a cluster.
To create a cluster:
1. Choose Administration > Cluster Configuration.
2. The CC-SG you are currently accessing displays in the Primary
Secure Gateway IP Address/Hostname field, indicating that it will
become a Primary Node.