SunScreen 3.2 Configuration Examples

Preparing Routing Mode Screens for HA

The first step when defining an HA cluster is to properly configure the necessary network interfaces and install the SunScreen software.

Prepare the System
  1. Configure the interfaces on the Primary machine.

    1. If it does not already exist, configure the HA heartbeat interface.

      For sf-screen1 in this example, use the following command:


      # echo "10.0.5.1" > /etc/hostname.qe2

    2. If they do not already exist, configure the filtering interfaces.

      For sf-screen1 in this example, you would use the following commands to configure the two screening interfaces:


      # echo "10.0.1.100" > /etc/hostname.qe0

      # echo "192.168.2.2" > /etc/hostname.qe1

    3. Reboot the Primary machine.

  2. Install the Screen software on the Primary machine and verify that it functions properly.

  3. Prepare a Secondary machine to mirror the configuration of the Primary.

    This machine will be used as the secondary HA Screen. In this example, the second machine is named sf-screen2. The second machine (HA secondary) must be identical to the first machine (HA primary) in the following ways:

    • Solaris configuration

    • Hardware (ideally)

    • Interface types

    The only configuration differences between the first and second machines are:

    • /etc/nodename

    • IP address of the administrative interface (if a separate one exists)

    • IP address of the HA interface

  4. Configure the interfaces on the Secondary machine.

    1. If it does not already exist, configure the HA heartbeat interface.

      For sf-screen2 in this example, use the following command:


      # echo "10.0.5.2" > /etc/hostname.qe2

    2. If they do not already exist, configure the filtering interfaces.

      For sf-screen2 in this example, you would use the following commands to configure the two filtering interfaces:


      # echo "10.0.1.100" > /etc/hostname.qe0

      # echo "192.168.2.2" > /etc/hostname.qe1

    3. Reboot the Secondary machine.


      Note -

      Be sure to physically disconnect the screening interfaces before you reboot the system. These interfaces should not be reconnected until after the HA configuration is complete, and the policy has been activated on the Primary Screen.
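
As an added example (not part of the SunScreen documentation or software), the following shell function checks saved copies of each machine's /etc/hostname.* files against the rules in this procedure: the filtering interfaces carry the same address on both Screens, and the HA heartbeat interface carries a different one on each. The function names, the snapshot directory layout and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example: compares saved copies of /etc/hostname.* from the two Screens.
# read_addr, check_ha_pair and the snapshot directory layout are assumptions.

# Print an interface file's address with whitespace stripped; fail if absent or empty.
read_addr() {
    [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 1; }
    tr -d ' \t\r\n' < "$1"
}

# check_ha_pair PRIMARY_DIR SECONDARY_DIR HA_IF FILTER_IF...
# Returns 0 if every filtering interface has the same address on both machines
# and the HA heartbeat interface has a different address on each; 1 otherwise.
check_ha_pair() {
    pri=$1; sec=$2; ha=$3; shift 3
    rc=0
    p=$(read_addr "$pri/hostname.$ha") || rc=1
    s=$(read_addr "$sec/hostname.$ha") || rc=1
    if [ "$rc" -eq 0 ] && [ "$p" = "$s" ]; then
        echo "HA interface $ha: both machines use $p" >&2; rc=1
    fi
    for ifc in "$@"; do
        p=$(read_addr "$pri/hostname.$ifc") || { rc=1; continue; }
        s=$(read_addr "$sec/hostname.$ifc") || { rc=1; continue; }
        if [ "$p" != "$s" ]; then
            echo "filtering interface $ifc: $p (primary) vs $s (secondary)" >&2; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: the addresses this procedure assigns to sf-screen1 and sf-screen2.
demo=$(mktemp -d)
mkdir "$demo/sf-screen1" "$demo/sf-screen2"
echo "10.0.5.1" > "$demo/sf-screen1/hostname.qe2"
echo "10.0.5.2" > "$demo/sf-screen2/hostname.qe2"
for h in sf-screen1 sf-screen2; do
    echo "10.0.1.100"  > "$demo/$h/hostname.qe0"
    echo "192.168.2.2" > "$demo/$h/hostname.qe1"
done
if check_ha_pair "$demo/sf-screen1" "$demo/sf-screen2" qe2 qe0 qe1; then
    echo "pair is consistent"
fi
rm -rf "$demo"
```

Running the check on the Secondary's files before the screening interfaces are reconnected catches a mistyped address while the machine is still isolated.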


Your systems are now prepared to run HA in Routing mode. Continue with the configuration by following the instructions in the "Configuring the HA Cluster" section that follows.