Solved

Interscan Gateway Scan Appliance operation mode

Posted on 2010-11-11
14
552 Views
Last Modified: 2013-11-22
Hi experts,
can you help me to take a look of this problem. currently i was
running the IGSA appliance. i was place in between core and firewalls. the
igsa running on transparent proxy mode, but its not suite our current
configuration since the igsa will change the ip address to the igsa
appliance. So, i need to change to fully transparent mode which is the
igsa will not change the ip address but unfortunately its not work if i
changed it.

Kindly need experts help to take a look. i attach the screen capture and
diagram for easy to experts understand my network.
 
ip-address.JPG
operation-mode.JPG
static-route.JPG
diagram.JPG
0
Comment
Question by:mrflizo
  • 7
  • 6
14 Comments
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117638
Have you by some chance still got the client prioxy set as the IGSA box? I think in transparent mode you would have no proxy set in your browser. Other than that I can't see anything wrong from your diagram.
0
 

Author Comment

by:mrflizo
ID: 34117653
is it cause of routing table? if i change to fully transparent mode, users cannot access the internet seems the igsa does not replying back to the users. on users pc, i dont set anything since the igsa deployment in inline mode.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117660
If they are as per your screen shots, then they look spot on. Can you ping or manage the IGSA itself from a workstation? If so, then its routing is correct.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117678
Does dns resolution work ok in transparent mode? from a client, try nslookup http://www.google.com or something. Clutching at straws here, it looks right.

Umm, next question, nats and rules on yor external firewall. If the requests are now coming from the clients as source address is it being nated correctly and allowed out?
0
 

Author Comment

by:mrflizo
ID: 34117764
NAT on firewalls are working correctly. i was test to bypass IGSA and its works. on access rule, i must create 2 access rule for accessing internet which is ip address of igsa and user-vlan.

if i disable access rule of igsa ip address it wont work on tranparent proxy mode because user ip address was change to igsa ip address.

i change the igsa to fully transparent mode, then bypass the igsa and its work nicely.

i can ping/access if change the igsa operation mode on fully transparent and proxy mode.

after i change the igsa in fully transparent, the users pc was not able to access internet but if i do the nslookup its works.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117778
Farid you have got me then. Silly question, have you tried powering off the IGSA, and clearing the arp cache on both the core switch and firewall?
0
 

Author Comment

by:mrflizo
ID: 34117795
not yet i wiil try it now
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 

Author Comment

by:mrflizo
ID: 34117869
i already try it...but the result its still same
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117872
When you change modes, is the license still active?
0
 

Author Comment

by:mrflizo
ID: 34117901
i was waiting the new license since the license already expired when the box online..is it all about the license?
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117906
It may well be, my Mate here thinks when you change modes it loses teh license and you have to re-apply it. I thought that was just the updates, but check it anyway in case he is right. I just can't see anything in your config from here that is incorrect.
0
 

Author Comment

by:mrflizo
ID: 34118285
i was change it again to fully transparent but the license is still there. i means the license remains.
0
 
LVL 1

Accepted Solution

by:
p3jalz earned 500 total points
ID: 34142799
your gateway  IP address setting is wrong, change it to:

ip: 192.168.99.7, gw: 192.168.99.5.

then create a static route
ip add: 10.0.0.0
sm: 255.0.0.0
gw: 192.168.99.1

you should be able to access to accessing internet with fully transparent mode.

gud luck
0
 

Author Closing Comment

by:mrflizo
ID: 34142801
tq
0

Featured Post

Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
change password links 7 73
Office 365 setting for security 4 63
quarantine versus delete 6 58
obsev.719 virus in win 7 pc 9 23
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now