    Policy based routing to segregate proxy and management traffic


      Hi guys

      We have a requirement to segregate management and user traffic on a MWG.

      Simple enough - there are 4 NICs on the proxy...

      However, we want to ensure we don't end up with asymmetric routing so want to use the standard iproute2 commands to implement PBR on the MWG.

      It works ... and really well ... but Support tell us that this is not a supported configuration.

      The GUI allows for static routes, but not based on a table and no option to create the "rules" for PBR.


      In case anyone wants to try (and can't find it on a search engine):


      Add:

      200     Management .. or whatever you want..


      For the management NIC (e.g. eth2)

      Add entry in /etc/sysconfig/network-scripts/route-eth2

      e.g. dev eth1 src table Management

      default via dev eth2 table Management


      Add entries to /etc/sysconfig/network-scripts/rule-eth2

      from table Management

      to table Management

      (of course, the default gateway is via the user-NIC)


      .... So, I can manage a proxy via the management IP and browse via the data interface, and my routes back stay correct...

      So, anyone out there using this?

      Anyone at McAfee have any idea why this isn't "standard" for a security product which doesn't have a dedicated management interface?

      thanks for reading!!
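As an added illustration, not part of the original post: a small POSIX shell script that generates the three PBR fragments the post describes (the rt_tables entry, the route-ethN file and the rule-ethN file) for a management NIC. It assumes the table name is registered in /etc/iproute2/rt_tables, that the Red Hat style route-/rule- files take the same arguments as `ip route add` / `ip rule add`, and uses placeholder addresses from the 192.0.2.0/24 documentation range; MGMT_IF, MGMT_IP and the other variables are constructed names, not values from the post.

```shell
#!/bin/sh
# Constructed example: generate iproute2 policy-based-routing fragments for a
# dedicated management NIC so replies leave on the NIC they arrived on.
# All values below are placeholders; override them in the environment.
MGMT_IF="${MGMT_IF:-eth2}"
MGMT_IP="${MGMT_IP:-192.0.2.10}"
MGMT_PREFIX="${MGMT_PREFIX:-192.0.2.0/24}"
MGMT_GW="${MGMT_GW:-192.0.2.1}"
TABLE="${TABLE:-Management}"
TABLE_ID="${TABLE_ID:-200}"

# Line for /etc/iproute2/rt_tables so that "table Management" resolves to 200.
rt_tables_line() { printf '%s\t%s\n' "$TABLE_ID" "$TABLE"; }

# Contents of /etc/sysconfig/network-scripts/route-$MGMT_IF: the connected
# management subnet plus a default route, both confined to the management table
# so the main table's default gateway (the user-side NIC) stays untouched.
route_file() {
  printf '%s dev %s src %s table %s\n' "$MGMT_PREFIX" "$MGMT_IF" "$MGMT_IP" "$TABLE"
  printf 'default via %s dev %s table %s\n' "$MGMT_GW" "$MGMT_IF" "$TABLE"
}

# Contents of /etc/sysconfig/network-scripts/rule-$MGMT_IF: anything sourced
# from, or addressed to, the management IP is looked up in the management table,
# which is what prevents the asymmetric return path via the data gateway.
rule_file() {
  printf 'from %s table %s\n' "$MGMT_IP" "$TABLE"
  printf 'to %s table %s\n' "$MGMT_IP" "$TABLE"
}

# The equivalent live commands, handy for testing before committing to files.
ip_commands() {
  route_file | sed 's/^/ip route add /'
  rule_file  | sed 's/^/ip rule add /'
}

# Ask the kernel which path a packet sourced from the management IP would take
# to $1; with the rules active it should report via $MGMT_GW dev $MGMT_IF.
verify_reply_path() { ip route get "$1" from "$MGMT_IP"; }
```

Run `ip_commands` to see exactly what will be applied, then `verify_reply_path <client ip>` after the rules are loaded to confirm the management-sourced path no longer uses the data-side default gateway.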


