5.
6.
7.
1.
2.
3.
a.
b.
c.
d.
4.
Create a backup of the existing Barracuda SSL VPN configuration using the
page.
ADVANCED > Backup
Use the
page to verify that no processes are running.
ADVANCED > Task Manager
On this page, enter the
and click
. This is the password shared by all Barracuda SSL VPN
Cluster Shared Secret
Save Changes
appliances in this cluster. It is limited to only ASCII characters.
Adding an Appliance to the Cluster
Any Barracuda SSL VPN appliance that is added to the cluster will have most of its local data (except user data and that specified in
overwritten with settings extracted from the cluster. The first system (the one identified first in the Add System field) is the source for the
initial settings.
In the
field, enter the IP address of a system in the cluster (or, the first system if the cluster has not yet been created). A
Add System
fully-qualified domain name can be entered, but could cause name resolution issues so is not recommended.
Click
. The time to complete the join depends on the number of users, domains, and the load on each Barracuda SSL VPN
Join Cluster
appliance. During this time the configuration from the other system will be copied onto this system. The system will restart, and you will
need to login and navigate to this page.
On each system in the cluster, perform the following:
Refresh the
page to view the updated status.
ADVANCED > Linked Management
Verify that the
list contains the IP address of
clustered system.
Clustered Systems
each
Verify that the
indicates that each clustered system is up and communicating with this system. The column
Connection Status
displays green for each system that is available and red for each system that cannot be reached. Initially, it may take up to a
minute for the status light to turn green. The
field tells how long it takes to send updates to each of
Synchronization Latency
the other systems in the cluster. The value of this field should be 2 seconds or less. If it is greater, configuration changes may not
be propagated correctly.
The
column in the Clustered Systems table should usually show all systems in the cluster as being active. If a system is in
Mode
standby mode, changes to its configuration are not propagated to other systems in the cluster.
(Optional) Distribute the incoming SSL traffic to each Barracuda SSL VPN using a load balancer.
Simple High-Availability
Simple High-Availability (HA) can be used in cases where more than one Barracuda SSL VPN is available to create a failover cluster but a load
balancer is not in use. Only one SSL VPN system will actively process traffic. The other system(s) will act as passive backup(s).
In an HA cluster, a virtual IP address is used to access the SSL VPN service. If the active system becomes unavailable, one of the passive
systems in the cluster will become active and serve requests directed to the virtual IP address. You will use the individual IP addresses of the
systems in the cluster for management. When the originally active SSL VPN appliance becomes available again, it will act as a passive backup.
Creating a High-Availability Cluster
Use the following steps to create a high-availability cluster.
task above.
Adding an Appliance to the Cluster
In the
section, enter the Virtual IP address.
Simple High-Availability
On the initially-active system, select the High-Availability Master option.
Setting Non-Proxied Hosts
If the Barracuda SSL VPN systems are using a proxy (
), then you must also configure non-proxy hosts in the
BASIC > IP Configuration
Barracuda SSL VPN appliance interface on port 443. To do this, log onto each Barracuda SSL VPN appliance interface. From the ADVANCED >
page, make sure there is a non-proxied host entry for your IP range that the clustered systems are on (for example
Configuration > Proxies
192.168.0.*). Without this setting, data synchronization may not occur and your systems will not be truly clustered.
Non-Clustered Data
The following data is not propagated to each system in the cluster:
IP Address, Subnet Mask, and
(on the
page).
Default Gateway
BASIC > IP Configuration
Primary DNS Server and
(on the
page).
Secondary DNS Server
BASIC > IP Configuration
Serial number (this will never change).
Hostname (on the
.
BASIC > IP Configuration page)
All SSL information, including saved certificates (on the
page).
> SSL Certificate
BASIC
Any advanced IP configuration (models 600 and above, on the
page).
ADVANCED > Advanced IP Configuration
Energize updates do not synchronize across systems in a cluster.