If you deploy two or more Forcepoint Web Security appliances so that their Content Gateway modules form a cluster, then all the Content Gateway nodes in that cluster share configuration information. This means that a configuration change on one Content Gateway node is automatically made in all other nodes.

Note Content Gateway cannot accommodate different versions of Content Gateway within the same cluster. This means that the configuration files will not automatically sync between different versions within the same cluster. Adjust the configuration files for each version within the cluster.
 

However, there is a known situation that can temporarily disrupt the synchronization of configuration settings in a Content Gateway cluster. This article explains how that can occur, and tells how to correct it.

Suppose that appliances A and B are deployed as part of a Content Gateway cluster.

1. Suppose that you back up appliance A and then stop the Content Gateway services on appliance A.
2. While Content Gateway is stopped on A, you make a Content Gateway configuration change to appliance B.
3. Then, you restore appliance A from backup and restart it.
4. The two Content Gateway modules incorrectly believe that they are synced up in the cluster, and they do not attempt to re-sync.

The underlying issue is simply that both Content Gateway modules changed (appliance A was restored; appliance B underwent a proxy configuration change while A was stopped). Thus, both Content Gateway modules increased their internal configuration tracking number by 1. So, the two appliances think their Content Gateway configurations match.

A simple restart does not resolve this problem.

Instead, make a configuration change on either of Content Gateways in the cluster and click Apply. There is no need to restart after the Apply.

The proxy configuration files of the two appliances will then re-synchronize.



keywords: wcg; clustering; management cluster; workaround; sync; appliance backup;