Hi All,
Here attached our current design of proxy, and going to configure failover unit. Now we do the failover on our firewalls and proxy is connected directly to the firewalls.
Question and challenge is : now like to use current LAN-10.1.0.1 on VIP and make active to 10.1.0.3 and standby to 10.1.0.4, also change to WAN-10.1.0.2 to VIP and make active to 10.1.0.5 and standby to 10.1.0.6, and explicit users still will use 10.1.0.1 ip and both active and standby can possible to use same certificates and we don't really want to auto failover from proxy, we want manually failover because it is inline configured between active and standby firewalls.
for that what configuration required? below guides are not accured and no technical steps.
https://support.symantec.com/en_US/article.TECH242151.embed.html
https://www.symantec.com/connect/sites/default/files/Technical%20Brief%20Implementing%20Failover%20Services.pdf
on the guide need to configure VIP on failover - which our case it is directly connected- and can configure 192.168.0.1 and active 192.168.0.2, standby 192.168.0.3 or can use management IPs.
Config for Primary
1. remove LAN interface IP - 10.1.0.1
2. create VIP - 10.1.0.1
3. Assign LAN interface IP - 10.1.0.3
4. remove WAN interface IP - 10.1.0.2
5. create VIP - 10.1.0.2
6. Assign WAN interface IP - 10.1.0.5
7. Failover New
- enabled
- use existing - 10.1.0.1
- multicast 224.0.0.1
- master - check
Standby
. create VIP - 10.1.0.1
. Assign LAN interface IP - 10.1.0.4
. create VIP - 10.1.0.2
. Assign WAN interface IP - 10.1.0.6
. Failover New
- enabled
- use existing - 10.1.0.1
- multicast 224.0.0.1
- master - check
Apply ?
is that correct? also how to do manually failover?