Skip to main content

BlastShield Documentation

Configure Gateway High Availability

You can configure active and standby Gateway redundancy using the High Availability function. The HA function provides Gateway redundancy for scenarios where high availability of the protected assets is a requirement. Should the hardware running a Gateway in an HA cluster fail, then the standby Gateway instance will take over, and the endpoints will not lose service. Failover is stateful, and no reconnects are required.

gateway-HA-0-schematic.png

To learn how to do this, please read the instructions below.

Prerequisites

  1. You will require at least two operational and connected Gateways. The active Gateway and at least one standby Gateway. The status of each Gateway in the Orchestrator must be online.

  2. The endpoints to be protected by the HA Gateway group must be reachable from each Gateway. Note that the endpoints only need to be provisioned on the active Gateway. The HA process will copy the endpoint configuration onto the standby Gateway.

  3. If the Gateway is using IP Address (Destination NAT) addressing mode, you should have a static IP configured for the Gatway endpoint interface.

  1. Login to the Orchestrator and make the prerequisite checks on the Gateways. Click on the Gateways menu on the left and side of the Orchestrator main menu and verify the Gateway status is online. In this example we will configure Gateway 1 and Gateway 2 as an HA group. Both Gateways are online and there is one configured endpoint on Gateway 1.

    gateway-HA-1-all-gws.png

  2. To configure High Availability on Gateway 1, go to the High Availability tab and click on Add Failover Gateway.

    gateway-HA-7-failover-gw-no-HA-config.png

    1. In the Select Gateway dropdown, select Gateway 2.

      gateway-HA-8-target-gw-add-failover-gw.png

    2. Choose the Gateway from the displayed list

      gateway-HA-9-target-gw-select-failover-gw.png

    3. Then click Add.

      gateway-HA-10-target-gw-select-gateway-2.png

  3. The High Availability view in Gateway 1 is now updated to show the HA pair.

    gateway-HA-11-HA_setup_complete.png

  4. From the Gateway menu, you will now see only Gateway 1 from the top level view.

    gateway-HA-HA_setup_complete_all_gateways.png

  5. You can manually switch Gateways between active and standby statues using the following method.

    1. Go to the High Availability menu, and chose the Promote to active option for the new intended active Gateway.

      gateway-HA-12-promote-to-active.png

    2. The chosen Gateway is promoted to active status and the display will update.

      gateway-HA-13-promoted-to-active.png
In this section: