- Release notes
- What's new
- FAQs
- Licensing
- Updating and Upgrading to NetScaler SD-WAN 9.3
- Single-Step Upgrade for SD-WAN Appliances
- Before You Begin
-
Getting Started by Using NetScaler SD-WAN
- NetScaler SD-WAN Management Web Interface
- One Touch Start
- Installing the SD-WAN Appliance Packages on the Clients
- Preparing the SD-WAN Appliance Packages on the MCN
- Connecting the Client Appliances to Your Network
-
Setting up the SD-WAN Appliances
- Setting up the Appliance Hardware
- Setting the Management IP Addresses for the Appliances
- Setting the Management IP Address for a SD-WAN Appliance
- Setting the Date and Time on an SD-WAN Appliance
- Setting the Console Session Timeout Interval (Optional)
- Uploading and Installing the SD-WAN Software License File
- Troubleshooting DHCP Management IP Address Configuration
- Configuring Alarms
- Configuration Rollback
- About SD-WAN VPX Standard Edition
-
Deployment
- Installing and Deploying a SD-WAN VPX Standard Edition on VMware ESXi
-
Setting up the Master Control Node (MCN) Site
- Master Control Node (MCN)
- How to Switch the Management Web Interface to MCN Console Mode
- How to Add the MCN Site
- How to Configure Virtual Interface Groups for the MCN Site
- How to Configure Virtual IP Addresses for the MCN Site
- How to Configure GRE Tunnels for the MCN Site (Optional)
- How to Configure WAN Links for the MCN Site
- How to Configure Routes for the MCN Site
- How to Configure High Availability (HA) for the MCN Site (Optional)
- How to Enable and Configure Virtual WAN Security and Encryption (Optional)
- Naming, Saving, and Backing Up the MCN Site Configuration
-
Adding and Configuring the Branch Sites
- How to Add the Branch Site
- How to Configure Virtual Interface Groups for the Branch Site
- How to Configure Virtual IP Addresses for the Branch Site
- How to Configure GRE Tunnels for the Branch Site
- How to Configure WAN Links for the Branch Site
- How to Configure Routes for the Branch Site
- How to Configure High Availability (HA) for the Branch Site (Optional)
- How to Clone the Branch Site (Optional)
- How to Resolve Configuration Audit Alerts
- How to Save the Completed Sites Configuration
-
Deployment use Cases
- Deploying SD-WAN in Gateway Mode
- Deploying SD-WAN in PBR mode (Virtual Inline Mode)
- Building a SD-WAN Network
- Dynamic Paths for Branch to Branch Communication
- Configuring Static WAN Paths
- Routing Support for LAN Segmentation
- Utilizing Enterprise Edition Appliance to Provide WAN Optimization Services Only
- SD-WAN SE/EE Appliance in Hairpin Deployment Mode
- Two Box Mode
- SD-WAN Overlay Routing
- High Availability Deployment
- Configuration
- Basic Configuration Mode
- How-To-Articles
-
Virtual Routing and Forwarding
- How To Configure Routing Domain
- How To Configure Routes
- How To Select Routing Domain for Intranet Service
- How To Configure Interface Groups
- How To Configure Virtual IP Addresses
- How To Configure Virtual IP Address Identity
- How To Configure GRE Tunnels
- How To Configure Access Interface
- How to Customize Classes
- How to Add Rule Groups and Enable MOS
- How to Create Rules
- How To Configure Firewall Segmentation
- Dynamic routing
- Route Filtering
- Network Objects
- Application Classification
- QoS Fairness With Random Early Detection (RED)
- Application QoS Rules
- MPLS QoS Queues
- Application Quality of Experience (QoE)
- Link State Propagation
- Metering and Standby WAN Links
- Multiple Net Flow collectors
- IPSec Tunnel Termination
- Stateful Firewall and NAT Support
- Configuring Multicast Groups
- NetScaler SD-WAN and Zscaler - Using GRE Tunnels and IPsec Tunnels
- Enabling FIPS Compliance Mode in NetScaler SD-WAN
- Configuring Virtual WAN IPsec for FIPS Compliant Operation
- Firewall Traffic Redirection Support by Using Forcepoint in NetScaler SD-WAN
- Internet Service
- DHCP Server and DHCP Relay Agent
- DHCP Client for Data Port (WAN Link IP Address Learning)
- Adaptive Bandwidth Detection
- Active Bandwidth Testing
- Diagnostic Tool
- Monitoring Your Virtual WAN
-
Auto Secure Peering and Manual Secure Peering
- Auto Secure Peering to an EE appliance from a Standalone WANOP / SDWAN SE/WANOP on the DC site
- Auto Secure Peering Initiated from EE Appliance at DC Site and Branch Site EE Appliance
- Auto Secure Peering Initiated from EE Appliance at DC Site and Branch with WANOP/SE Appliance
- Manual Secure Peering Initiated from EE Appliance at DC Site and Branch EE Appliance
- Manual Secure Peering initiated from EE appliance at DC site to Branch WANOP/SDWAN-SE Appliance
- Domain Join and Delegate User Creation
- SNMPv3 Polling and Trap Capability
- Zero Touch Deployment
- Configure 210-SE LTE
- NetScaler SD-WAN WANOP 9.3
- The WANOP Client Plug-in
- Configuring Service Class Association with SSL Profiles
- Standard MIB Support
- Best Practices - Security
- Reference Material
- Installing SD-WAN SE Virtual Appliances (VPX) in Linux-KVM Platform
- SD-WAN Standard Edition Virtual Appliance (VPX) HA Support for AWS
- SD-WAN Standard Edition Virtual Appliance (VPX) in Hypervisor on HyperV 2012 R2 and 2016
- SD-WAN Standard Edition Virtual Appliance (VPX) HA Support for Microsoft Azure
- XenServer 6.5 Upgrade for SD-WAN Standard Edition Appliances
Configuring the High-Availability Pair
Aug 09, 2017
You can configure two newly installed appliances as a high-availability pair, or you can create an HA pair by adding a second appliance to an existing installation.
Prerequisites: Physical installation and basic configuration procedures
To configure high availability
- Make sure that no more than one appliance is connected to the traffic networks (on the accelerated bridges). If both are connected, disconnect one bridge cable from the active bridges on the second appliance. This will prevent forwarding loops.
- On the Features page of the first appliance, disable Traffic Processing. This disables acceleration until the HA pair is configured.
- Repeat for the second appliance.
- On the first appliance, go to the Configuration: Advanced Deployments: High Availability tab, show below.
- Select the Enabled Check box.
- Click the Configure HA Virtual IP Address link and assign a virtual IP address to the apA interface. This address will be used later to control both appliances as a unit.
- Return to the High Availability page and, in the VRRP VRID field, assign a VRRP ID to the pair. Although the value defaults to zero, the valid range of VRRP ID numbers is 1 through 255. Within this range, you can specify any value that does not belong to another VRRP device on your network.
- In the Partner SSL Common Name field, type the other appliance’s SSL Common Name, which is displayed on that appliance’s Configuration: Advanced Deployments: High Availability tab, in the Partner SSL Common Name field. The SSL credentials used here are factory-installed.
- Click Update.
- Repeat steps 3-8 on the second appliance. If you are managing the appliance via an accelerated bridge (such as apA), you may have to reconnect the Ethernet cable that you removed in step 1 to connect to the second appliance. If so, plug this cable in and disconnect the corresponding cable on the first appliance.
- With your browser, navigate to the virtual IP address of the HA pair. Enable Traffic Processing on the Features page. Any further configuration will be performed from this virtual address.
- Plug in the cable that was left disconnected.
- On each appliance, the Configuration: Advanced Deployments: High Availability page should now show that high availability is active and that one appliance is the primary and the other is the secondary. If this is not the case, a warning banner appears at the top of the screen, indicating the nature of the problem.
Figure 1. High-availability configuration page
Support: https://www.citrix.com/support
Feedback and forums: https://discussions.citrix.com