cancel
Showing results for 
Search instead for 
Did you mean: 

configure transparent router mode

Dear,

I'm deploying a single Web gateway 7 with router transparent mode. But client cannot access to internet. Please see attachment and help me check the problem.

Thanks and Regards,

15 Replies
Highlighted
McAfee Employee MSchneider
McAfee Employee
Report Inappropriate Content
Message 2 of 16

Re: configure transparent router mode

Hello,

disable IPSpoofing in the Porxy section. It won't work in your environment from what I see, as it creates an asynchronous routing.

best,

Michael

Michael Schneider
Lead Product Manager for Web Protection
(•‿•)
nidob
Level 7
Report Inappropriate Content
Message 3 of 16

Re: configure transparent router mode

Hi, I tried doing the same step from what he shown and what you recommend, but the users still don't have any internet connection.

Is there anything that I missed?

smalldog
Level 12
Report Inappropriate Content
Message 4 of 16

Re: configure transparent router mode

Have solution for this? Thanks!

Re: configure transparent router mode

What is solution for this question?

Re: configure transparent router mode

If you guys went though this guide, followed michael_schneider's instruction "disable IPSpoofing in the Porxy section" and still no luck.
Please check your network part.

Best of luck.

Re: configure transparent router mode

Anyone found solution to the problem?

I am facing the same problem, and I can not find documentation or guidance on the subject.

My post about it in the community https://community.mcafee.com/thread/74568

Reliable Contributor asabban
Reliable Contributor
Report Inappropriate Content
Message 8 of 16

Re: configure transparent router mode

Hello,

the problem you encounter might be related to a wrong configuration of any network device on MWGs path. The majority of "transparent router" problems due to the setup are caused by missing routes. It will be pretty hard to provide any guidance to get the routing fixed in you environment without having any kind of information such as network diagrams or packet captures.

As mentioned in the thread you want to start troubleshooting by looking at default gateway MWG uses. In many cases this device does not know the network MWG has routed to the default gateway and so the packets cannot go back to MWG and to the client. This is something you only see when looking into the network traffic.

If you need more specific assistance for your case please provide some more information about your network of get in touch with support.

Best,

Andre

Re: Re: configure transparent router mode

Ok Andre,

Thank you for the help, I'll spend more data.

I tried to solve the problem with the McAfee support more failed to yet.

[Internet] <----> 172.29.0.0/24 --- eth0 172.29.0.117 [MWG] eth1 172.30.8.4  ---- 172.30.8.0/21 ---- [Est. Client] 172.30.8.124

If:

Ping 172.30.8.124 ----> 172.30.8.4 ok

Ping 172.30.8.124 ----> 172.29.0.117 not responding

Ping 172.30.8.4 ----> 172.29.0.117 not responding

Ping 172.29.0.117 ----> Internet ok

Ping 172.20.0.117 ---> 172.30.8.4 not responding

Attach files

The catch was held simultaneously in the client station and the MWG.

Does anyone have a walkthrough transparent router impementação to see if I messed up.

Reliable Contributor asabban
Reliable Contributor
Report Inappropriate Content
Message 10 of 16

Re: configure transparent router mode

Hello,

can you let me know what the default gateway is configured on MWG?

I am a little confused about this:

Ping 172.30.8.4 ----> 172.29.0.117 not responding


According do what you provided those are the IP addresses of eth0 and eth1 of the MWG. Does this mean if you SSH into MWG you cannot ping both IP addresses?


From what I saw so far it seems the packets hit MWG but MWG does not forward them. You can easily notice that for the DNS traffic... the traffic hits MWG but nothing happens. Usually you should see MWG forward that traffic to its default gateway.


So can you let me know:


- the default GW of MWG

- the value of "cat /proc/sys/net/ipv4/ip_forward" (execute via SSH on appliance)


Best,

Andre

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community