0 Replies Latest reply on Dec 5, 2013 5:57 PM by roybad

    Policy based routing to segregate proxy and management traffic

    roybad

      Hi guys

      We have a requirement to segregate management and user traffic on an MWG.

      Simple enough - there are 4 NICs on the proxy...

      However, we want to ensure we don't end up with asymmetric routing, so we want to use the standard iproute2 commands to implement PBR on the MWG.

      It works, and really well, but Support tell us that this is not a supported configuration.

      The GUI allows for static routes, but not based on a table and no option to create the "rules" for PBR.

      In case anyone wants to try (and can't find it on a search engine):

      /etc/iproute2/rt_tables

      Add:

      200     Management        (or whatever name you want)

      For the management NIC (e.g. eth2)

      Add entries in /etc/sysconfig/network-scripts/route-eth2

      e.g.

      192.168.100.0/26 dev eth2 src 192.168.100.2 table Management

      default via 192.168.100.63 dev eth2 table Management

      Add entries to /etc/sysconfig/network-scripts/rule-eth2

      from 192.168.100.2 table Management

      to 192.168.100.2 table Management

      (of course, the default gateway is via the user-NIC)

      So, I can manage a proxy via the management IP and browse via the data interface, and my routes back stay correct.

      So, anyone out there using this?

      Anyone at McAfee any idea why this isn't "standard" for a Security Product - which doesn't have a dedicated management interface?

      thanks for reading!!

      Message was edited by: roybad - corrected typo on 05/12/13 17:57:18 CST
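As an added example (not from roybad's post and not McAfee code), the following POSIX shell script stages the three files the post describes (the rt_tables entry, route-eth2 and rule-eth2) into a scratch directory and checks the route file before anything is copied onto the gateway. The NIC, addresses and table name are the post's values; the staging directory, the function names and the consistency check are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post and not McAfee's code.
# Stages the iproute2 policy-routing files from the post into a scratch
# directory (nothing under /etc is touched) and sanity-checks them before
# they are copied onto the gateway.
# Assumed values (taken from the post): management NIC eth2, management IP
# 192.168.100.2 on 192.168.100.0/26, management gateway 192.168.100.63,
# routing table 200 named "Management". STAGE and the function names are
# this example's own.
set -e

# Append "<id> <name>" to rt_tables only if neither the id nor the name is
# already present, so re-running the script never duplicates the table.
add_rt_table() {  # add_rt_table <rt_tables-file> <id> <name>
    f=$1 id=$2 name=$3
    if grep -Eq "^[[:space:]]*$id[[:space:]]" "$f" 2>/dev/null ||
       grep -Eq "[[:space:]]$name[[:space:]]*\$" "$f" 2>/dev/null; then
        return 0
    fi
    printf '%s\t%s\n' "$id" "$name" >> "$f"
}

# Write route-<nic> and rule-<nic> in the one-line-per-"ip route/rule add"
# format that ifup-routes feeds to iproute2. The connected-subnet route and
# the default route deliberately name the same $nic.
write_pbr_files() {  # write_pbr_files <scripts-dir> <nic> <ip> <subnet> <gw> <table>
    d=$1 nic=$2 ip=$3 net=$4 gw=$5 tbl=$6
    {
        printf '%s dev %s src %s table %s\n' "$net" "$nic" "$ip" "$tbl"
        printf 'default via %s dev %s table %s\n' "$gw" "$nic" "$tbl"
    } > "$d/route-$nic"
    {
        # The post's two rules: traffic from the management IP, and traffic
        # to it, is looked up in the Management table instead of main.
        printf 'from %s table %s\n' "$ip" "$tbl"
        printf 'to %s table %s\n' "$ip" "$tbl"
    } > "$d/rule-$nic"
}

# Every route in a route-<nic> file must name the same device. If the subnet
# route says eth1 while the default route says eth2, replies to hosts on the
# management subnet leave a NIC that does not hold the management address,
# which is exactly the asymmetric path the table is meant to prevent.
check_route_devs() {  # check_route_devs <route-file>; exit status 0 = consistent
    n=$(sed -n 's/.*[[:space:]]dev[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$1" |
        sort -u | wc -l | tr -d ' ')
    [ "$n" -eq 1 ]
}

# Stage everything under $1 with the post's values (or the ones given).
build_pbr() {  # build_pbr <stage-dir> [nic ip subnet gw table-id table-name]
    stage=$1
    nic=${2:-eth2} ip=${3:-192.168.100.2} net=${4:-192.168.100.0/26}
    gw=${5:-192.168.100.63} id=${6:-200} tbl=${7:-Management}
    mkdir -p "$stage/etc/iproute2" "$stage/etc/sysconfig/network-scripts"
    add_rt_table "$stage/etc/iproute2/rt_tables" "$id" "$tbl"
    write_pbr_files "$stage/etc/sysconfig/network-scripts" "$nic" "$ip" "$net" "$gw" "$tbl"
    check_route_devs "$stage/etc/sysconfig/network-scripts/route-$nic"
}

STAGE=${STAGE:-$(mktemp -d)}
build_pbr "$STAGE"
echo "staged policy-routing files under $STAGE:"
cat "$STAGE/etc/iproute2/rt_tables" \
    "$STAGE/etc/sysconfig/network-scripts/route-eth2" \
    "$STAGE/etc/sysconfig/network-scripts/rule-eth2"
```

Copy the staged files to the same paths on the gateway and bring the interface up again (ifup eth2 or a network restart); then ip rule show and ip route show table Management should list the rules and routes, and ip route get <some host> from 192.168.100.2 should report dev eth2. The consistency check exists because the easiest slip in these hand-written files is naming one NIC in the subnet route and another in the default route; a mismatch fails the check before the file reaches the box.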