Applies to Barracuda SSL VPNs, model 480 and above, firmware version 1.4.x and higher.
Before attempting to cluster your Barracuda SSL VPNs be sure to do the following:
- Create a backup of the existing configuration so that it is not lost should the clustering process fail for some reason.
- All SSL VPNs that will be clustered should have the same firmware version. If they are not, the systems should be upgraded to the latest firmware prior to clustering.
To cluster your SSL VPNs:
- Log into the Appliance interface at http://<server>:8000 (or port 8443 for SSL connections).
- Go to ADVANCED > Linked Management and set the Cluster Shared Secret. Every SSL VPN that will be in the cluster must have the same Shared Secret in order for them to link successfully.
- Save the Shared Secret, this will restart the SSL VPN unit.
- After the reboot, return to the ADVANCED > Linked Management page. In the Clustered Systems section add the IP address of the SSL VPN that this unit will be clustering with. The current systems configuration will be replaced with a copy of the configuration from the specified unit. Ensure that the correct unit is in use and that the target system is configured correctly to avoid any accidental configuration removals.
- The list of clustered node will not update immediately and may require a couple of page refreshes for the list to be displayed correctly. When the list is displayed correctly, it will show all of the SSL VPNs in the cluster with a green light icon denoting that they can be reached.
- Repeat this for all of the SSL VPNs that will be in the cluster.
To test that the cluster is sharing information, log in into one of the units directly and create a new resource. Now, when accessing any other system in the cluster the new resource should be available.
- Note that the configuration will be cloned from the unit you specify in Add System and will wipe the configuration of the system you are currently logged in to .
- With standard clustering you will need an external Load Balancing device to load the incoming connections evenly between all SSL VPNs in the cluster.
- If you do not wish to use a Load Balancer, there is another clustering option available called Simple High-Availability in which only one node handles connections with the other as a hot standby.
- See Solution #00004453 for details on this.
- See also the "Clustering and High Availability" document available below.
- This same document is also downloadable from the Barracuda SSL VPN section of the Barracuda Networks Documentation page.
Link to this page: