
Skyhigh Security

Configure a Cluster from the Command Line Interface

You can use the command line interface (CLI) to configure a cluster of Secure Web Gateway appliances.

A usage command displays a list of the available commands and their parameters. It is run using the full path of the mwg-coordinator program on Secure Web Gateway:

/opt/mwg/bin/mwg-coordinator -A usage

These activities can be performed:

  • Adding a node to a cluster

  • Letting an appliance join a cluster

  • Deleting a node in a cluster

  • Importing a cluster certification authority (CA) and key

  • Enabling and disabling message queue logging

  • Updating configuration data in several ways, for example, on all nodes in a cluster

  • Synchronizing policy configuration data when Secure Web Gateway and the cloud version of the product run in a hybrid solution
     

Sample Commands

The following two commands serve as examples. They import the certificate of a certification authority (CA) for a cluster, together with the key for this certificate, to a Secure Web Gateway appliance and then add this appliance as a node to a cluster.

The IP address of the appliance that is to be joined to the cluster is 192.168.197.130. The cluster certificate resides in the /opt/mwg/temp directory on Secure Web Gateway. Its file name is RTScert.pem. The key resides in the same directory. Its file name is RTSkey.pem.

The user (administrator) is logged on as root user. The appliance name is mwgappl162.

To import the cluster certificate and key, the cmclusterca command is run as shown below:

[root@mwgappl162 ~]# /opt/mwg/bin/mwg-coordinator -A "cmd:trigger_action=cmclusterca;file:ca=/opt/mwg/temp/RTScert.pem,key=/opt/mwg/temp/RTSkey.pem"

The system imports the certificate and key and returns the following message:

OK: new CA successfully applied

DO NOT FORGET TO DELETE THE INPUT KEY FILE FROM THIS MACHINE -> /opt/mwg/temp/RTSkey.pem

To let the appliance join the cluster as a node, the cmclusterjoin command is run:

[root@mwgappl162 ~]# /opt/mwg/bin/mwg-coordinator -A "cmd:trigger_action=cmclusterjoin;options:ip=192.168.197.130,port=12346,forcedetachgui=yes"

The system joins the appliance and returns the following message:

OK: This Node successfully joined the Central Management Cluster

The cluster is referred to here as Central Management Cluster.

Example:

[root@mwgappl162 ~]# /opt/mwg/bin/mwg-coordinator -A "cmd:trigger_action=cmclusterca;file:ca=/opt/mwg/temp/RTScert.pem,key=/opt/mwg/temp/RTSkey.pem"
OK: new CA successfully applied
DO NOT FORGET TO DELETE THE INPUT KEY FILE FROM THIS MACHINE
-> /opt/mwg/temp/RTSkey.pem
[root@mwgappl162 ~]# /opt/mwg/bin/mwg-coordinator -A "cmd:trigger_action=cmclusterjoin;options:ip=192.168.197.130,port=12346,forcedetachgui=yes"
OK: This Node successfully joined the Central Management Cluster

The active cluster node was at 192.168.197.130.
Put the cluster cert in /opt/mwg/temp/RTScert.pem and the key in /opt/mwg/temp/RTSkey.pem, and made sure to chmod to 444.
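
The import step and its key-deletion reminder, wrapped as an added shell example (not Skyhigh's own code): it runs the cmclusterca command from this page, deletes the input key only after the documented success message, and warns when the key file is world-readable, as mode 444 makes it. The MWG_COORDINATOR override and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not vendor code. MWG_COORDINATOR is an assumed override
# so the wrapper can be exercised against a stub instead of the appliance.
MWG_COORDINATOR="${MWG_COORDINATOR:-/opt/mwg/bin/mwg-coordinator}"

# True when "other" users have read permission on the file (e.g. mode 444).
key_is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# import_cluster_ca CA_FILE KEY_FILE
# Returns 0 only when the import was confirmed and the key file is gone.
import_cluster_ca() {
    ca="$1"
    key="$2"
    if [ ! -f "$ca" ] || [ ! -f "$key" ]; then
        echo "missing CA or key file" >&2
        return 2
    fi
    if key_is_world_readable "$key"; then
        echo "warning: $key is readable by every local user until deleted" >&2
    fi
    out=$("$MWG_COORDINATOR" -A \
        "cmd:trigger_action=cmclusterca;file:ca=${ca},key=${key}" 2>&1)
    printf '%s\n' "$out"
    # Delete the key only after the success message shown on this page,
    # so a failed import can be retried with the same file.
    case "$out" in
        *"OK: new CA successfully applied"*) ;;
        *)  echo "import not confirmed; key left in place" >&2
            return 1 ;;
    esac
    # shred -f adds write permission if needed, -u unlinks after overwriting;
    # overwriting is best effort on journaling or copy-on-write filesystems.
    shred -fu "$key" 2>/dev/null || rm -f "$key"
    [ ! -e "$key" ]
}

# Usage on the appliance, with the paths from this page:
#   import_cluster_ca /opt/mwg/temp/RTScert.pem /opt/mwg/temp/RTSkey.pem
```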
