9815467684 Anuj from Sales Radware

8130693776 Sumit from Radware

*****************************Radware Meeting
Notes******************************************

perpetaul license,

Signature update service- license ,additional license (weekly, )- subscription

Behavioral protection- feature,

earlier- 6.x

8.20x version

centralized Manager- VA, separate license, subscription,

mandatory

****************************Questions need to
ask*******************************************
HA links direct or indirect connectivity -
How many links for HA
- Bundle is possible or not
Heartbeat timer and failover timeout
MNG-1 and MNG-2 shoud be in same subnet or not for HA and both can be used or not?

****************************High Availability DefensePro

Full*******************************************
HA - Active Passive (DefensePro)

_____Both cluster members must meet the following requirements:_____

• Must use the same:
— Platform
— Software version
— Software license
— Throughput license
— Radware signature file
• Must be on the same network.
• Must use the same management port (that is, MNG-1 on both devices, MNG-2 on both
devices, or both MNG-1 and MNG-2 on both devices).

_____The members of a cluster work in an active-passive architecture._____

When a cluster is created:
• The primary device becomes the active member.
• The secondary device becomes the passive member.
• The primary device transfers the relevant configuration objects to the secondary
device.

A secondary device maintains its own configuration for the device users, IP
interfaces, routing, and
the port-pair Failure Mode.

A primary device immediately transfers each relevant change to its secondary

device. For example,
after you make a change to a Network Protection policy, the primary device
immediately transfers
the change to the secondary device. However, if you change the list of device users
on the primary
device, the primary device transfers nothing (because the secondary device
maintains its own list of
device users).

_____Active-Passive triggers to change its states-_____

The passive device does not detect the active device according to the
specified HeartbeatTimeout.

All links are identified as down on the active device according to the
specified Link Down Timeout.

Optionally, the traffic to the active device falls below the specified Idle
Line Threshold for the specified Idle Line Timeout.

You issue the Switch Over command. To switch the device states, select the
cluster node, and then select Switch Over.

The actions that you can perform on a secondary device are limited.
You can perform only the following actions on a secondary device:
• Switch the device state (that is, switch over active to passive and
passive to active).
• Break the cluster if the primary device is unavailable.
• Configure management IP addresses and routing.
• Configure the port-pair Failure Mode.
• Manage device users.
• Download a device configuration.
• Upload a signature file.
• Download the device log file.
• Download the support log file.
• Reboot.
• Shut down.
• Change the device name.
• Change the device time.
• Initiate a baseline synchronization if the device is passive, using
the CLI or Web Based Management.

%%%%%%%%%%%%%___Imp. Notes___%%%%%%%%%%%%%
• To create a cluster, the devices must not be locked by another user.

• By design, an active device does not fail over during a user-

initiated reboot. Before you reboot an active device, you can manually switch to
the other device in the cluster.

• You can initiate a baseline synchronization if a cluster member is

passive, using the CLI or Web Based Management.

• When you upgrade the device software, you need to break the cluster
(that is, ungroup the two devices). Then, you can upgrade the software and
reconfigure the cluster as you require.

• In an existing cluster, you cannot change the role of a device

(primary to secondary or vice versa). To change the role of a device, you need to
break the cluster (that is, ungroup the two devices), and then, reconfigure the
cluster as you require.
 • If the devices of a cluster belong to different Sites, APSolute
Vision creates the cluster node under the Site where the primary device resides;
and APSolute Vision removes the secondary device from the Site where it was
configured.

• APSolute Vision issues an alert if the state of the cluster members

is ambiguous—for example, if there has been no trigger for switchover and both
cluster members detect traffic. However, during the initial synchronization
process, the state of the cluster members is momentarily ambiguous, and this
situation is normal.

• When a passive device becomes active, any grace time resets to 0 (for
example, the time of the Graceful Startup Mode Startup Timer).

• You can monitor high-availability operation in the High Availability

pane of the Monitoring perspective (Monitoring perspective, Operational Status >
High Availability).