28.5 Restoring an Access Gateway

If any hardware fails on Access Gateway machine, you can preserve its configuration and apply it to the replacement machine.

28.5.1 Clustered Access Gateway

If the hardware fails on an Access Gateway machine that belongs to a cluster:

  1. In Administration Console Dashboard, view the configuration of the cluster. Click Devices > Access Gateways.

  2. (Conditional) If the failed Access Gateway is the primary server, assign another server to be the primary server:

    1. On Access Gateways page, click [Name of Cluster] > Edit.

    2. For the Primary Server field, select another server to be the primary server, then click OK > Close.

    3. Click Identity Servers > Update.

  3. Delete the failed Access Gateway from the cluster. Click Access Gateways, select the failed Access Gateway, then click Actions > Remove from Cluster.

    IMPORTANT:Do not delete Access Gateway from Administration Console.

  4. On the new machine, install Access Gateway, specifying Administration Console, IP address, host name, and domain name of the failed machine.

  5. (Conditional) If you have customized error messages, copy the message files to Access Gateway.

  6. When the machine imports into Administration Console, add the machine to Access Gateway cluster:

    1. In Administration Console Dashboard, click Devices > Access Gateways.

    2. Select the name of Access Gateway, then click Actions > Assign to Cluster > [Name of Cluster].

    3. Update Access Gateway.

28.5.2 Single Access Gateway

Do not delete Access Gateway from Administration Console. If you delete Access Gateway from Administration Console, the configuration information is deleted.

  1. On the new machine, install Access Gateway by using Administration Console, IP address, host name, and domain name of the failed device.

  2. If you have customized error messages, copy the message files to Access Gateway.

  3. When the installation is completed and the device has been imported in Administration Console, verify the following:

    1. Check its trusted relationship with Identity Server. Click Devices > Access Gateways > Edit > Reverse Proxy / Authentication.

    2. If you have configured Access Gateway to use SSL, reconfigure the certificates for the listener. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy].