roybad
Level 7

Policy based routing to segregate proxy and management traffic

Hi guys

We have a requirement to segregate management and user traffic on a MWG.

Simple enough - there are 4 NICs on the proxy...

However, we want to ensure we don't end up with asymmetric routing so want to use the standard iproute2 commands to implement PBR on the MWG.

It works... and really well... but Support tell us that this is not a supported configuration.

The GUI allows for static routes, but not based on a table and no option to create the "rules" for PBR.

In case anyone wants to try (and can't find it on a search engine):

/etc/iproute2/rt_tables

Add :

200     Management .. or whatever you want..

For the management NIC (e.g. eth2)

Add entry in /etc/sysconfig/network-scripts/route-eth2

e.g.

192.168.100.0/26 dev eth2 src 192.168.100.2 table Management

default via 192.168.100.63 dev eth2 table Management

Add entries to /etc/sysconfig/network-scripts/rule-eth2

from 192.168.100.2 table Management

to 192.168.100.2 table Management

(of course, the default gateway is via the user-NIC)

... So, I can manage a proxy via the management IP and browse via the data interface and my routes back stay correct...

So, anyone out there using this?

Anyone at McAfee any idea why this isn't "standard" for a Security Product - which doesn't have a dedicated management interface?

thanks for reading!!

Message was edited by: roybad - corrected typo on 05/12/13 17:57:18 CST