Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Resolving Issues with a Proxy HA Configuration

Several measures can be taken when trying to resolve issues with a Proxy HA configuration, also known as High Availability cluster.

Look up VRRP health check messages

Messages about the VRRP health checks are logged on an appliance system under:

/var/log/messages

These messages also inform you about whether an appliance is in director or backup node status.

Find out which node blocked a request

To find out which of the nodes in a High Availability cluster blocked a request, edit the user message template for Block actions. Insert the System.HostName property.

Test a node

To test the behavior of a particular node, enter only its IP address in the table of scanning nodes, leaving out all other addresses, before operating the High Availability cluster.

Identify the active director

To identify the active director node that owns the virtual IP address of the High Availability cluster, set up an SSH session with each node. Then run the ip addr show command on each of them.

Turn a director node into a scanning node

When an issue occurred with a director node, you can change its role and turn it into a scanning node that performs no other functions besides scanning.

First set the director priority for this node to 0. Be sure to save what you configured here.

Then change the settings that you configured on this node for the HTTP and FTP proxies with ports that listen to requests coming in from the clients. These settings include the network interface IP address. Set this address to 0.0.0.0.

Inspect failure to distribute web traffic

If all web traffic is processed on the director node or another single node instead of being distributed to other nodes, it could have these reasons:

  • The director node does not know about any other nodes because no IP addresses of other scanning nodes have been entered in the scanner table.
  • All traffic is coming from the same source IP address because there is a downstream proxy or a NAT device in place. Then the usual behavior for load balancing is to direct this traffic to the same node again and again.
  • Was this article helpful?