Cluster mode redirection

crystech · April 18, 2024, 3:15pm

Hi all,

I am exploring cluster mode , assuming I have 3 servers

Asia.ztna.com
Emea.ztna.com
Usa.ztna.com

How would the client connect to the best gateway ? There’s no doc about it

Many thanks in advance

HKilic · April 18, 2024, 5:08pm

If you have 3 servers. that means you can open login page on each server. But I offer select one of them for login. Set it to clients configuration
For your sample, each server is in different regions. you can create different gateways on each server and assign them to different networks. And you should set which user/group should access networks with configuration under Policy/Authentication.
When you define a rule under Policy/Authentication, you are defining who could connect to which network over gateways. Best gateway selection is done by you, there is no auto selection
I hope I explained clearly

crystech · April 18, 2024, 5:43pm

Thanks for your prompt replies!
while selection manually seem fine for user in different region .

What I do not understand how the WireGuard connection between the region gateway play a part ?

Example: I have a service that is hosted in Asia server /network
Usually I would prefer emea users connect to emea server and access the Asia services from emea via inter gateway connection or some private WireGuard connection .

This way we ensure the following

Emea users connecting to emea gateway is definitely better in term of latency and performance
Emea gateway to route traffics from emea to Asia via good quality WireGuard tunnel so service set in emea server can reach destination with slightly better quality (assuming dc to dc circuits are usually better than consumer grade )

Or I am assuming wrongly , above need to setup manually cross region interconnect and ferrumgate won’t create intergateway connections?

HKilic · April 19, 2024, 5:29am

Ferrumgate does not create intergateway connections. No need to do it. A configuration sample like below

Example:

Emea users needs to connect services in emea, just create a gateway and network for them on emea server and give permission,

if Emea users needs to connect some services in asia, on asia server create a gateway and network for them and give permission. by this way, users will allways use short path.

You can create as many virtual networks for users/groups to support ZT micro segmentation.

crystech · April 20, 2024, 6:32am

Thanks for prompt reply.
In this case the client seem didn’t support multiple gateway configurations to auto switching to available services etc.

As networking sme, the only way to provide seamless services across regions (some org are mnc) I would create some private network such as WireGuard von and from gateway to permit access for the gateway where it can offer services to client connecting to it .

I will do some poc on this .
Regards