cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Static Route precedence in Web Gateway

Jump to solution
What are the precedence rules for static routes in McAfee Web Gateway? We have an existing static route for a large range but would like to carve out a subset of that range that is directed to a different network gateway. Would moving this subset route to the top of the MWG list be sufficient or should I delete the old range and create a bunch of different subsets for the routes? One of the network staff believes that the subset route should be given higher priority regardless since it is a more specific route.
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Static Route precedence in Web Gateway

Jump to solution

Hi,

Hope you are doing well.


Yes the subset route should be given higher priority since it is a more specific route.The most specific prefix from the routing table is used.

 

Below is the current route present as an example:-


Destination 8.8.0.0/16 via gateway 1.1.1.114 and interface eth0


[root@ ~]# ip route get 8.8.8.8
8.8.8.8 via 1.1.1.114 dev eth0 src 1.1.1.1


Below is new route added:-

Destination 8.8.8.0/27 via gateway 1.1.1.131 and interface eth0


[root@mwg ~]# ip route get 8.8.8.8
8.8.8.8 via 1.1.1.131 dev eth0 src 1.1.1.1

 

[root@mwg ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 0 0 0 eth0
8.8.0.0 1.1.1.114 255.255.0.0 UG 0 0 0 eth0
8.8.8.0 1.1.1.131 255.255.255.224 UG 0 0 0 eth0

 

Below is for your information:-


This is to inform you that changes made from Web UI related to network settings like adding static routes restart network services for a fraction of second. Changes made from Web UI related to network settings will restart network settings which will have a minimal impact as service gets restarted for few seconds..

 

The interruption is just for few seconds. A ping loss of few packets is observed.

 

Below is output of test at my end wherein I initiated a ping to my MWG IP Address and then added a static route entry from MWG GUI:-


C:\Users\>ping 1.2.3.4 -t

Pinging 1.2.3.4 with 32 bytes of data:
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time=1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Request timed out.
Request timed out.
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time=1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62

 

With changes in place, network service is restarted and you see some request time outs.

 

Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!


Regards
Alok Sarda

View solution in original post

2 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 3

Re: Static Route precedence in Web Gateway

Jump to solution

Hi,

Hope you are doing well.


Yes the subset route should be given higher priority since it is a more specific route.The most specific prefix from the routing table is used.

 

Below is the current route present as an example:-


Destination 8.8.0.0/16 via gateway 1.1.1.114 and interface eth0


[root@ ~]# ip route get 8.8.8.8
8.8.8.8 via 1.1.1.114 dev eth0 src 1.1.1.1


Below is new route added:-

Destination 8.8.8.0/27 via gateway 1.1.1.131 and interface eth0


[root@mwg ~]# ip route get 8.8.8.8
8.8.8.8 via 1.1.1.131 dev eth0 src 1.1.1.1

 

[root@mwg ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 0 0 0 eth0
8.8.0.0 1.1.1.114 255.255.0.0 UG 0 0 0 eth0
8.8.8.0 1.1.1.131 255.255.255.224 UG 0 0 0 eth0

 

Below is for your information:-


This is to inform you that changes made from Web UI related to network settings like adding static routes restart network services for a fraction of second. Changes made from Web UI related to network settings will restart network settings which will have a minimal impact as service gets restarted for few seconds..

 

The interruption is just for few seconds. A ping loss of few packets is observed.

 

Below is output of test at my end wherein I initiated a ping to my MWG IP Address and then added a static route entry from MWG GUI:-


C:\Users\>ping 1.2.3.4 -t

Pinging 1.2.3.4 with 32 bytes of data:
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time=1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Request timed out.
Request timed out.
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62
Reply from 1.2.3.4: bytes=32 time=1ms TTL=62
Reply from 1.2.3.4: bytes=32 time<1ms TTL=62

 

With changes in place, network service is restarted and you see some request time outs.

 

Was my reply helpful? If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!


Regards
Alok Sarda

View solution in original post

Highlighted

Re: Static Route precedence in Web Gateway

Jump to solution
Thanks Alok
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community