This past weekend I setup an Active/Active Cluster with our two ASG 425's. (which was very easy) My main appliance we have been using for a long time with e-directory integration. We are using http proxy and have it "tweaked" just the way we like it. It authenticates with e-directory SSO.
I have custom notifications setup on it when a user is blocked from a website.
The main appliance was on version 7.305 before I started anything with the cluster. Friday night I upgraded it to 7.404 without any problems. Saturday morning I came in and went through the process of connecting the other 425 appliance that was already on version 7.404. I clustered them both so the main one is the Master and the secondary is the slave. I do realize they can change roles when there is a failure.
My problem I have found. This morning (Monday) I saw a website blocked with my custom logo and explanation. On a computer next to it I went to the same website and it had the default block screen.
I also see that two different computers are getting different proxy results for allowing and denying. What I mean by that is both machines should be allowed to the same website. One computer got through (using the same user account) the other one did not. The website eventually worked but, I don't know which firewall it went through. I'm assuming the Master one let it work and the slave did not.
My thoughts are that the Master has not completely transferred all the settings to the slave. I'm wondering if I need to give it more time or try something else with it.
I hope this makes sense.
David
This thread was automatically locked due to age.
