Gateway failover cluster
Failover setup for on-premises installations

Airlock Gateway can be set up as a failover cluster with two Gateway instances for on-premises installations. In an Airlock Gateway failover cluster, there is always 1 active and 1 passive Gateway instance.

  • The active one currently receives the traffic and the passive one is in standby mode. If one Gateway fails, the other automatically takes over.
  • The 2 Airlock Gateway instances have to be connected between their external network interfaces. In order for the 2 Gateway instances to communicate, they need a separate channel.
  • If an Airlock Gateway is used as a failover cluster, it will need an additional IP address (the private failover IP address) that it uses for the failover cluster communication. The 2nd Gateway instance has this IP address configured as the mirror failover IP address, and vice versa, so the two instances can communicate with each other.
  • For the failover communication protocol, it is strongly recommended to use private IP addresses that are not routed on the Internet (i.e. 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16).
  • Clustering uses ports 80 and 29742 on the ext. interface(s) and port 22 on the mgt. interface.

Airlock Gateway clusters with multiple external interfaces check the connectivity on all interfaces with configured Private Failover IP/Mirror Failover IP. A failover switch (takeover) is triggered only if there is no connection on all and every interface pairs.