# Previewing Defguard v2.0-alpha2 This tutorial will help you test the new major update to Defguard - version 2.0. For the list of changes made in this version, go to our release blog post or release notes. {% hint style="danger" %} This is an early alpha! Do not migrate from your previous production versions to this one! This release is only for setting up new, test instances. It's meant to preview the upcoming v2.0 and gather feedback. {% endhint %} ## Starting Defguard 2.0 We've prepared a convenient docker compose config file that allows you to easily set up the whole Defguard stack and test the new UI and functionalities. To start the Defguard v2.0 stack, do the following: ``` git clone https://github.com/DefGuard/deployment.git defguard-deployment cd defguard-deployment/docker-compose2.0 docker compose up -d ``` This will start 8 docker containers: * db - PostgreSQL database * core - Defguard Core component (main control plane) * edge1 - Defguard Edge (formerly Proxy) component * gateway1 - Defguard Gateway components (VPN gateway) ## Initial configuration wizard Notice that the Docker Compose file contains only minimal configuration parameters. This is one of the major changes in the new version. All configuration that was previously stored in environment variables or configuration files is now stored in the database and initialized using a convenient **setup wizard**. To begin the initial configuration, just visit this address after you started the stack with Docker Compose. Defguard will detect that this is a fresh instance and will welcome you with the setup wizard. The setup process contains several major steps: * Creating the first admin user * Internal and external URL settings * VPN public and internal settings * Multi-factor authentication For the stable version of 2.0 we'll also add a **migration wizard** that will help you to upgrade from previous Defguard version to the latest one with ease. ### Example setup {% stepper %} {% step %} **Go to the Core Component UI** Visit [http://localhost:8000](http://localhost:8000/) after starting the stack using Docker Compose. See the Initial Setup Wizard is being triggered automatically. Also notice that the Edge and Gateway component where automatically adopted.

{% endstep %} {% step %} **Create admin user account**

{% endstep %} {% step %} **Provide internal and external URL settings** You can set `http://localhost:8000` as the Defguard URL and `http://localhost:8080` as the *Public Edge Component URL.*

{% endstep %} {% step %} **Configure external and internal VPN settings**

{% endstep %} {% step %} **Configure multi-factor authentication**

{% endstep %} {% step %} **Setup finished**

{% endstep %} {% step %} **Inspect the newly created Edge Component, Location and Gateway Component**

{% endstep %} {% endstepper %} ## Enjoy fully redesigned interface After finishing the initial setup, Defguard is fully operational. You can manage your instance using the fully redesigned UI/UX. You can also enrol users and connect to the newly crated Location. You'll notice changes in every part of the interface, but some areas changed in a very significant way. Check those modules for sure: * VPN overview - strictly a dashboard for the administrator, previously mixed with system configuration, which was confusing. Also, we've significantly refactored our statistics module to make sure the dashboard is responsive even for large deployments. * Dedicated Locations page - previously hidden somewhere in the VPN overview page, mixed with dashboard, now a clear Location listing and management. * Firewall (formerly ACL) - new nomenclature (Aliases, Destinations, Rules), brand-new Alias, Destination, and Rule form. The Rule form, despite realising a complex task of creating a firewall rule, is intuitive and guides the user through the process. * Settings - since all the settings are now stored in the database, they can be managed with the UI. All system parameter got divided into logical sections, with broad descriptions, making it much easier to configure your system. * Edge Components (formerly Proxy) page - brand-new page for managing Edge Components (exposing selected Core functionality to the internet while keeping the Core isolated). ## High Availability of Edge and Gateway components {% hint style="info" %} This is an Enterprise feature. [Enroll into Defguard PoC](https://defguard.net/evaluation-license/) and receive a 30 day Defguard Trial license with evaluation support. {% endhint %} Another major feature of v2.0 is High Availability in active-active mode for the Edge and Gateway components. You can now add multiple Gateways to your Locations. Users will still connect to a single Gateway (using sticky sessions), but in the event of a Gateway failure, their VPN connection will remain active and be handled by another Gateway. You can also add multiple Edge components to ensure that enrollment, configuration updates, and MFA session initiation are fast and fail-safe. ### Example setup {% stepper %} {% step %} **Start the High Availability stack** To start the Defguard v2.0 HA stack, do the following: ``` git clone https://github.com/DefGuard/deployment.git defguard-deployment cd defguard-deployment/docker-compose2.0 docker compose -f docker-compose.ha.yaml up -d ``` This will start 8 docker containers: * db - PostgreSQL database * core - Defguard Core component (main control plane) * edge1, edge2, edge-lb - two Defguard Edge (formerly Proxy) components with a NGINX-based load balancer (user enrolment and client app configuration) * gateway1, gateway2, gateway-lb - two Defguard Gateway components with an Envoy-based load balancer (VPN gateways) {% endstep %} {% step %} **Do the initial configuration** Follow the same steps as in the [basic example](#initial-configuration). You will then have a Defguard instance with a single Gateway and Edge component configured. {% endstep %} {% step %} **Enter your Enterprise licence key** Go to Settings -> License and enter your license key. [Enroll into Defguard PoC](https://defguard.net/evaluation-license/) and receive a 30 day Defguard Trial license if you don't have a key yet. {% endstep %} {% step %} **Add another Edge Component** If you've started the all the services from the provided Docker Compose configuration, the additional Edge Compoent service is already started and waiting to be adopted in Defguard Core. Both Edge Components are behind a basic NGINX-based load balancer. Use the Docker service name as the *IP or Domain* while configuring the component.

{% endstep %} {% step %} **Add another Gateway Component to your Location** If you've started the all the services from the provided Docker Compose configuration, the additional Gateway Component service is already started and waiting to be adopted in Defguard Core. Both Gateway Components are behind a basic Envoy-based load balancer. Use the Docker service name as the *IP or Domain* while configuring the component.

{% endstep %} {% endstepper %} ### Test the High Availability and Failover #### Test HA for Edge Components 1. Display logs of both Edge Components using `docker compose logs -f edge1 edge2` 2. Trigger enrolment or MFA VPN connection using the Defguard Desktop or Mobile Application. 3. Notice traffic being directed to both Edge Components using round robin strategy on the NGINX load balancer. 4. Stop one of the Edge Components using `docker compose stop edge1` 5. Notice the enrolment process or MFA VPN connections working as expected on the Edge Components that's left. #### Test HA for Gateway Components 1. Display logs of both Gateway Components using `docker compose logs -f gateway1 gateway2` 2. Ping the VPN gateway using `ping 10.10.10.1`. Since the VPN connection is not active yet it should fail. Keep it running through the test. 3. Connect to the VPN Location. 4. Notice that the ping now succeeds. 5. Now play with stoping on of the gateways `docker compose stop gateway1` or `docker compose stop gateway2` . Make sure you don't stop both of them. 6. Notice that the VPN connection is alive the whole time (ping still succeeds). ## Static IP assignment for devices Another hihly anticipated feature of the 2.0 is the Static IP assignment. System administrators can now assign static IPs for the selected devices in the selected networks. Start by going to the users list. You'll notice that there's a new item in the actions menu for a user.

The administrator will then see a modal window with all the devices of the sleected user in each Location configured in the system. He can now enter the desired IP address for a device in any of the selected Locations.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.defguard.net/2.0/deployment-strategies/previewing-defguard-v2.0-alpha2.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.