HOWTO: How to migrate SWG Policy Servers from physical to virtual

This article applies to:

  • SWG 10.1
  • SWG 10.2
  • SWG 11.0

Question:

  • What is the best practice to migrate Policy Servers from physical to virtual?

Procedure:

Starting with SWG 10.1, if SWG is licensed to use virtual functionality, the SWG OS image can be loaded onto a virtual platform.

Note: The following scenarios apply to dedicated Policy Server device(s) only, since an HA Policy Server cannot be set on a Policy Server that is part of an All-In-One role.

To migrate from a single Physical Policy Server to a single Virtual Policy Server: 

1. Create a new virtual instance of SWG Policy Server. 

2. If running 10.1, apply the current license key and upgrade it with the latest Maintenance Release.

3. If running 10.1, apply all the latest patches on top of the latest Maintenance Release.

4. Add it as a Passive Policy Server to the physical Policy Server: from the Device tree > Policy Server > High Availability.

5. Wait until both Policy Servers are synchronized (this will take time as there is a full replication process running).

6. If Synchronization does not occur (10.1 only), run it manually by right-clicking the Passive Policy Server and selecting Synchronize Now.

7. Switch Policy Server roles so that the virtual Policy Server becomes the Active Policy Server:

   1. In 10.1, from the GUI, right-click the Passive Policy Server and select Switch Now.

   2. From 10.2, from the Limited Shell, run the failover command.

8. Wait until both Policy Servers are synchronized (this will take time).

9. If you are not using VIP (10.2 and later), open the GUI by browsing to the new Policy Server’s IP.

10. Disable the HA feature on the Active Policy Server which is running as a VM instance at this point.

11. Shut down the physical Policy Server. 

Do not use this Policy Server again, since it may cause device conflicts with scanners managed by the VM Policy Server.

  

To migrate from HA Physical Policy Servers to HA Virtual Policy Servers: 

1. Create a new virtual instance of SWG Policy Server. 

2. If running 10.1, apply the current license key and upgrade it with the latest Maintenance Release.

3. If running 10.1, apply all the latest patches on top of the latest Maintenance Release.

4. Remove the Passive physical Policy Server from the GUI and wait for the other Policy Server to synchronize.

5. Add the new virtual Policy Server as Passive to the physical Policy Server. 


At this point the SWG HA pair consists of Active Physical and Passive Virtual Policy Servers.

6. Wait until both Policy Servers are synchronized (this will take time as there is a full replication process running).

7. If Synchronization does not occur (10.1 only), run it manually by right-clicking the Passive Policy Server and selecting Synchronize Now.

8. Switch Policy Server roles so that the virtual Policy Server becomes the Active Policy Server:

   1. In 10.1, from the GUI, right-click the Passive Policy Server and select Switch Now.

   2. From 10.2, from the Limited Shell, run the failover command.

9. Wait until both Policy Servers are synchronized (this will take time).

10. If you are not using VIP (10.2 and later), open the GUI by browsing to the new Policy Server’s IP.

11. Create another new virtual instance of SWG Policy Server. 

12. If running 10.1, apply the current license key and upgrade it with the 10.1.2 Maintenance Release.

13. If running 10.1, apply all the latest patches on top of the 10.1.2 Maintenance Release.

14. Add it as a Passive Policy Server to the existing Policy Server.

15. Wait until both Policy Servers are synchronized (this will take time as there is a full replication process running).

16. Shut down the physical Policy Server. 


At this point the SWG HA pair consists of Active Virtual and Passive Virtual Policy Servers.


Do not use the physical Policy Server again, since it may cause device conflicts with scanners managed by the VM Policy Servers.

