- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-22-2013 05:59 AM
If I use the REST API to pass user ID mappings from my RADIUS servers into the firewalls, what should I do when they are in an HA pair?
Because I don't necessarily know which with be the active one, should I just write to one and if that fails, swap to the other (will work if they pass user info between them) or do I have to write all updates to both simultaneously to ensure that the active one has the data?
Thanks in advance
Oh, while I am in here, how can I see if it is working? With the XML API to the server user id agent, there was a log I could query, but I can't see anything similar on the device.
05-22-2013 10:28 AM
User-IP mappings are synchronized between two firewalls if in a HA pair. This needs to be done especially because if one firewall learns an IP address for a user via captive portal or XML-API, the information needs to be synchronized to the other device since the User-ID agent never gets it and can therefore never provide it in case of a failover. Therefore, as long as both devices are connected and syncing data, you can pick one and it will sync to the other. The best choice is to choose the Active-Primary device.
05-23-2013 03:36 AM
Thanks jf, that is great.Do you happen to know how I can see if the XML interface is working, other than seeing users resolved in the traffic logs?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!