cancel
Showing results for 
Search instead for 
Did you mean: 

Configure IPs for SA 2500 Cluster

SOLVED
Occasional Contributor

Configure IPs for SA 2500 Cluster

I have one SA 2500 that has been running for a while in stand alone mode. We have a second one we want to use and set these up in an Active/Passive cluster.

 

I've read through the documentation on how to configure the SA cluster, my confusion comes from a lack of knowledge in how the VIPs work. Our primary firewalls are in a cluster/HA setup but use a physical interface for heartbeats so we only deal with physical IPs.

 

Currently our active SA uses an internal IP address of 10.128.0.6. I want all of our traffic and DNS records to point to this IP address (basically so it seems as if nothing changed). Is this the internal VIP I should use? Should I then give both the units internal physical NICs two separate IPs on the same subnet? So, in a nutshel, I'm thinking I would re-IP the currently active unit, configure the standby with another IP, and configure the internal VIP with 10.128.0.6. Does that sound right?

 

How about the external VIP? Again, I want to use the same public IP I am currently using for our DNS records so we don't have to change that and it's as if nothing changed.

 

Any help would be appreciated. Thanks!

6 REPLIES 6
Super Contributor

Re: Configure IPs for SA 2500 Cluster

Yes, that is correct.

 

10.128.0.6 will be the internal VIP and the current external physical IP will be your external VIP so that the dns records stay the same.

 

Change the physical IP of the current SA2500 to a diffreent IP for example 10.128.0.5.

 

Regards,

Jay

Occasional Contributor

Re: Configure IPs for SA 2500 Cluster

Thanks! So it sounds like I'll need three internal IPs. Two for physical and one for VIP. Will I need three externals as well?

Super Contributor

Re: Configure IPs for SA 2500 Cluster

Yes, you will need 3 external ip's as well as the external vip is the ip users will need to connect to the cluster.

 

Regards,

Jay

Occasional Contributor

Re: Configure IPs for SA 2500 Cluster

Thanks again! I appreciate the help!

New Contributor

Re: Configure IPs for SA 2500 Cluster

Hold on... if you just want to map the internal VIP to the outside there is no need to have 3 external IPs as well - mapping the VIP is enough. It will be always the same. The physical internal IPs are for the clustering and to get access to the nodes individually (if neccassary), the VIP always belongs to the active leader in the cluster. And this is the guy you want to see on the outside. You don't want to access each Node selectiv from the outside - don't you?

 

Tell me if I misunderstand the initial issue.

 

regards

doitsolutions

Highlighted
Valued Contributor

Re: Configure IPs for SA 2500 Cluster

You can't configure the external VIP without also configuing local IP addresses for each node.