We have a requirement to segregate management and user traffic on an MWG.
Simple enough - there are 4 NICs on the proxy...
However, we want to ensure we don't end up with asymmetric routing, so we want to use the standard iproute2 commands to implement PBR on the MWG.
It works, and really well, but Support tell us that this is not a supported configuration.
The GUI allows for static routes, but not based on a table, and there is no option to create the "rules" for PBR.
In case anyone wants to try (and can't find it on a search engine):
Add the table (200 Management, or whatever you want) to /etc/iproute2/rt_tables:
200 Management
For the management NIC (e.g. eth2):
Add entries in /etc/sysconfig/network-scripts/route-eth2 (the connected management subnet on the management NIC, then the default route via the management gateway):
192.168.100.0/26 dev eth2 src 192.168.100.2 table Management
default via 192.168.100.63 dev eth2 table Management
Add entries to /etc/sysconfig/network-scripts/rule-eth2 (traffic from or to the management IP uses the Management table):
from 192.168.100.2 table Management
to 192.168.100.2 table Management
(Of course, the default gateway in the main table is via the user NIC.)
So, I can manage a proxy via the management IP and browse via the data interface, and my routes back stay correct.
So, is anyone out there using this?
Does anyone at McAfee have any idea why this isn't "standard" for a security product which doesn't have a dedicated management interface?
Thanks for reading!
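As an added example (not part of the original post, and not McAfee's own tooling), the script below stages the same three pieces of PBR configuration as files, prints the `ip route add` / `ip rule add` commands that ifup-routes effectively runs from them, and checks up front that the management IP and gateway actually sit inside the management subnet (a default route whose gateway is not on-link is rejected at boot, which leaves the management NIC with no return path). Interface name, addresses and table ID are assumptions matching the post; change the variables at the top for your own box. Nothing here touches the live routing table: the `ip` commands are printed for review, not executed.

```shell
#!/usr/bin/env bash
# Added example: stage PBR config for a dedicated management NIC on a
# RHEL/CentOS-style host and show the equivalent live iproute2 commands.
# All values below are assumptions taken from the post; adjust for your host.
set -eu

MGMT_IF="eth2"                # management NIC
MGMT_IP="192.168.100.2"       # management address on that NIC
MGMT_NET="192.168.100.0/26"   # management subnet
MGMT_GW="192.168.100.63"      # gateway that must be on-link via MGMT_IF
TABLE_ID="200"                # numeric id for the routing table
TABLE_NAME="Management"       # name used in route-/rule- files

# Dotted-quad to integer, so subnet membership can be checked arithmetically.
ip2int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when address $1 lies inside CIDR $2.
in_subnet() {
    local addr=$1 net=${2%/*} bits=${2#*/}
    local mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Line for /etc/iproute2/rt_tables; without it "table Management" does not resolve.
rt_tables_line() { printf '%s\t%s\n' "$TABLE_ID" "$TABLE_NAME"; }

# Contents of /etc/sysconfig/network-scripts/route-<if> ("ip route" line format):
# the connected management subnet first, then the default route via the gateway.
route_file() {
    printf '%s dev %s src %s table %s\n' "$MGMT_NET" "$MGMT_IF" "$MGMT_IP" "$TABLE_NAME"
    printf 'default via %s dev %s table %s\n' "$MGMT_GW" "$MGMT_IF" "$TABLE_NAME"
}

# Contents of /etc/sysconfig/network-scripts/rule-<if> ("ip rule" line format):
# anything sourced from, or destined to, the management IP uses the table.
rule_file() {
    printf 'from %s table %s\n' "$MGMT_IP" "$TABLE_NAME"
    printf 'to %s table %s\n' "$MGMT_IP" "$TABLE_NAME"
}

# What the network scripts run at ifup: each file line prefixed with the
# matching "ip ... add". Printed only, so this is safe to run anywhere.
live_commands() {
    route_file | sed 's/^/ip route add /'
    rule_file  | sed 's/^/ip rule add /'
}

# Commands to confirm the return path for management traffic stays on MGMT_IF.
verify_commands() {
    printf 'ip rule show\n'
    printf 'ip route show table %s\n' "$TABLE_NAME"
    # Must report "dev $MGMT_IF" and "via $MGMT_GW", not the user NIC.
    printf 'ip route get 8.8.8.8 from %s\n' "$MGMT_IP"
}

main() {
    in_subnet "$MGMT_IP" "$MGMT_NET" || { echo "management IP $MGMT_IP not in $MGMT_NET" >&2; return 1; }
    in_subnet "$MGMT_GW" "$MGMT_NET" || { echo "gateway $MGMT_GW not on-link in $MGMT_NET" >&2; return 1; }
    local stage=${1:-$(mktemp -d)}
    mkdir -p "$stage"
    rt_tables_line > "$stage/rt_tables.append"
    route_file     > "$stage/route-$MGMT_IF"
    rule_file      > "$stage/rule-$MGMT_IF"
    echo "# staged files in $stage (append rt_tables.append to /etc/iproute2/rt_tables)"
    echo "# equivalent live commands:"
    live_commands
    echo "# verification after ifup $MGMT_IF:"
    verify_commands
}

main "$@"
```

Review the staged files, copy them into place and run `ifup eth2` (or reboot) to apply; the two rules are the part the GUI cannot express, and the `ip route get ... from <management IP>` check is the quickest way to prove a reply sourced from the management address leaves via the management NIC rather than the user-side default gateway.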