cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Transparent Bridge Mode cluster not working

Jump to solution

Hi,

I’ve configure a pairs of Transparent Bridge mode MWG with version 10.2.3. Unfortunately when I try to test the internet, the client machine are not able to access internet. I've also checked on hastats for both appliance but both of the appliance are in Scanning node mode. The primary appliance director priority was set to 99 and secondary set to 0. 

I’m only able to get the client machine to internet after I shutdown or plug out one of the MWG. 

Anyone have any idea? 

note: ibr0 configured and used in central management and proxies management IP by following the installation guide. 

Thanks.

1 Solution

Accepted Solutions
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: Transparent Bridge Mode cluster not working

Jump to solution

Hello,

hastats will not give any useful result, as haproxy is not used in transparent bridge mode, but still the old MFEND module is used for this.

Do you have port redirects configured for 80/443? If so, what happens if you remove them? By removing the port redirects MWG will act as a "bridge" only (without any filtering).

If it works wothout a port redirect the network setup is correct and there is a problem redirecting the traffic into MWG. If it also fails without the port redirect there is a problem with the traffic not hitting the bridge as expected, so another look at the network side needs to be taken.

Best,
Andre

View solution in original post

7 Replies
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 8

Re: Transparent Bridge Mode cluster not working

Jump to solution

Hello,

hastats will not give any useful result, as haproxy is not used in transparent bridge mode, but still the old MFEND module is used for this.

Do you have port redirects configured for 80/443? If so, what happens if you remove them? By removing the port redirects MWG will act as a "bridge" only (without any filtering).

If it works wothout a port redirect the network setup is correct and there is a problem redirecting the traffic into MWG. If it also fails without the port redirect there is a problem with the traffic not hitting the bridge as expected, so another look at the network side needs to be taken.

Best,
Andre

View solution in original post

Re: Transparent Bridge Mode cluster not working

Jump to solution

Hi Andre,

 

Thanks for the information. If this the case, may i know how can I check on the mfend status?

 

Thanks.

asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 8

Re: Transparent Bridge Mode cluster not working

Jump to solution

On the CLI

mfend-lb -s

It should show the status of the various nodes when executed on the "Director" node. It should show one node as "active" or "network", which means its the one receiving the traffic. Other director nodes should be listed as "backup". All scanning nodes should be listed as "scanning".

brctl show ibr0

and

brctl showstp ibr0

could show additional interesting details.

Andre

Re: Transparent Bridge Mode cluster not working

Jump to solution

Hi Andre,

 

Sure. Thanks for the info. Will take a look on that. Cheers!

Re: Transparent Bridge Mode cluster not working

Jump to solution

Hi Andre,

 

Just to update you that we are able to get the internet access for the client machine without any configuration change in the MWG. Doesn't know if any network changes happened before.

Also, would like to check if there is any issue with both appliance configured with director priority in transparent bridge mode? (MWG1 in 99 and MWG2 in 15). I'm able to access internet in this configuration and not the MWG2 in 0 director priority.


Thanks.

asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: Transparent Bridge Mode cluster not working

Jump to solution

Hello,

both machines can be a director. In that case one machine is the "active" director, the other one the "backup" director. Both will spin up an ibr0 and provide a bridge between the two network devices they are attached to.

The "backup" director will set the bridge to "Blocked", while the "active" director sets the Bridge to "Forwarding". So there is actively only one path from one network to the other.

The "active" director picks up the network connections for forwards them to itself of the second node. Apart from that there should not be a difference.

Best,
Andre

Re: Transparent Bridge Mode cluster not working

Jump to solution

Hi Andre,

Thanks for the info. Appreciate for your help.

Thanks again!

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community