Hi All ,
I have a requirment for sa4500 box ,
if there are multiple sites across glob where SA4500 installed either as a single node or in cluster ,
is it possible to get failover for a user who is trying to access ssl vpn and if corresponding box is down or not available due to already full with its capacity .
Please share your view how to achieve it .
Thanks for your help -
whish you all very happy and prosperous new year 2013 .
When you mention failover I assume that you would like failover the user session ie after authenticated to SA.
In Active/Passive configuration when one node fails the other node will start to serve the user request.
However, A/P cluster should be in the lan in the same subnet.
Hi SVK ,
Thanks for reply .
Failover means the user failover on other node .
If both the boxes needs to be in same LAN ?
do we need to have a external load balancer to achive it if both ssl vpn boex are in diffrent locations .
I saw this doc -
pls suggest .
We use UTLRA DNS as our load balancer. If not see primary VPN then the pool has secondary VPN. We do not cluster we have individual VPNs up.
We also use UltraDNS and have it balance between our two SA4000 in two different datacenters. We do have them clustered together on different networks. UltraDNS doesn't do any realy fancy load balancing, we just have it set for 50/50 round-robin type with service checking to make sure each node is up and running.... You can setup fialover groups and priorities if you have multiple servers to deal with..