Setting Up the HA Screens
This section explains how you prepare either stealth-mode or routing-mode Screens to run HA.
Note -
The Screens in an HA cluster must have identical network interfaces. All Screens in the HA cluster must be the same type; either stealth or routing.
Preparing Stealth Mode Screens for HA
The first step when defining an HA cluster is to properly configure the necessary network interfaces and install the SunScreen software.
Prepare the System
-
Configure the interfaces on the Primary machine.
-
If it does not already exist, configure the administration interface.
For bos-screen1 in this example, use the following command:
echo "192.168.1.3" > /etc/hostname.le0
-
If it does not already exist, configure the HA heartbeat interface.
For bos-screen1 in this example, use the following command:
# echo "10.0.4.1" > /etc/hostname.le0
-
Reboot the Primary machine.
-
-
Install the SunScreen software on the Primary machine and verify that it is functions properly
Follow the instructions for the stealth mode example described in Chapter 4, Configuring a Stealth Mode Screen
-
Prepare a Secondary machine to mirror the configuration of the Primary Screen.
This machine will be used as the secondary HA Screen. In this example, the second machine is named bos-screen2. The second machine (HA secondary) must be identical to the first machine (HA primary) in the following ways:
-
Solaris configuration
-
hardware (ideally)
-
Interface types
The only configuration differences between the first and second machines are:
-
/etc/nodename
-
IP address of the administrative interface
-
IP address of the HA interface
-
-
Configure the interfaces on the Secondary machine.
-
If it does not already exist, configure the administration interface.
For bos-screen2 in this example, use the following command:
# echo "192.168.1.4" > /etc/hostname.le0
-
If it does not already exist, configure the HA heartbeat interface.
For bos-screen2 in this example, use the following command:
# echo "10.0.4.2" > /etc/hostname.le0
-
Reboot the Secondary machine.
-
Your systems are now prepared to run HA in stealth mode. Continue with the configuration by going to "Configuring the HA Cluster".
Preparing Routing Mode Screens for HA
The first step when defining an HA cluster is to properly configure the necessary network interfaces and install the SunScreen software.
Prepare the System
-
Configure the interfaces on the Primary machine.
-
If it does not already exist, configure the HA heartbeat interface.
For sf-screen1 in this example, use the following command:
# echo "10.0.5.1" > /etc/hostname.qe2
-
If they do not already exist, configure the filtering interfaces.
For sf-screen1 in this example, you would use the following commands to configure the two screening interfaces:
# echo "10.0.1.100" > /etc/hostname.qe0
# echo "192.168.2.2" > /etc/hostname.qe1
-
Reboot the Primary machine.
-
-
Install the Screen software on the Primary machine and verify that it is functions properly.
-
Prepare a Secondary machine to mirror the configuration of the Primary.
This machine will be used as the secondary HA Screen. In this example, the second machine is named sf-screen2. The second machine (HA secondary) must be identical to the first machine (HA primary) in the following ways:
-
Solaris configuration
-
hardware (ideally)
-
Interface types
The only configuration differences between the first and second machines are:
-
/etc/nodename
-
IP address of the administrative interface (if a separate one exists)
-
IP address of the HA interface
-
-
Configure the interfaces on the Secondary machine
-
If it does not already exist, configure the HA heartbeat interface.
For sf-screen2 in this example, use the following command:
# echo "10.0.5.2" > /etc/hostname.qe2
-
If they do not already exist, configure the filtering interfaces.
For sf-screen2 in this example, you would use the following commands to configure the two filtering interfaces:
# echo "10.0.1.100" > /etc/hostname.qe0
# echo "192.168.2.2" > /etc/hostname.qe1
-
Reboot the Secondary machine.
Note -Be sure to physically disconnect the screening interfaces before you reboot the system. These interfaces should not be reconnected until after the HA configuration is complete, and the policy has been activated on the Primary Screen.
-
Your systems are now prepared to run HA in Routing mode. Continue with the configuration by following the instructions in the "Configuring the HA Cluster" section that follows.
- © 2010, Oracle Corporation and/or its affiliates