24.5 Restoring an Access Gateway

If any hardware fails on the Access Gateway machine, you can preserve its configuration and apply it to the replacement machine.

24.5.1 Clustered Access Gateway

If the hardware fails on an Access Gateway machine that belongs to a cluster:

  1. In the Administration Console, view the configuration of the cluster. Click Devices > Access Gateways.

  2. (Conditional) If the failed Access Gateway is the primary server, assign another server to be the primary server:

    1. On the Access Gateways page, click [Name of Cluster] > Edit.

    2. For the Primary Server field, select another server to be the primary server, then click OK > Close.

    3. Click Identity Servers > Update.

  3. Delete the failed Access Gateway from the cluster. Click Access Gateways, select the failed Access Gateway, then click Actions > Remove from Cluster.

    IMPORTANT:Do not delete the Access Gateway from the Administration Console.

  4. On the new machine, install the Access Gateway, specifying the Administration Console, IP address, host name, and domain name of the failed machine.

  5. (Conditional) If you have customized error messages, copy the message files to the Access Gateway.

  6. When the machine imports into the Administration Console, add the machine to the Access Gateway cluster:

    1. In the Administration Console, click Devices > Access Gateways.

    2. Select the name of the Access Gateway, then click Actions > Assign to Cluster > [Name of Cluster].

    3. Update the Access Gateway.

24.5.2 Single Access Gateway

Do not delete the Access Gateway from the Administration Console. If you delete the Access Gateway from the Administration Console, the configuration information is deleted.

  1. On the new machine, install the Access Gateway by using the Administration Console, IP address, host name, and domain name of the failed device.

  2. If you have customized error messages, copy the message files to the Access Gateway.

  3. When the installation is completed and the device has been imported in the Administration Console, verify the following:

    1. Check its trusted relationship with the Identity Server. Click Devices > Access Gateways > Edit > Reverse Proxy / Authentication.

    2. If you have configured the Access Gateway to use SSL, reconfigure the certificates for the listener. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy].