Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Interscan Gateway Scan Appliance operation mode

Posted on 2010-11-11
14
557 Views
Last Modified: 2013-11-22
Hi experts,
can you help me to take a look of this problem. currently i was
running the IGSA appliance. i was place in between core and firewalls. the
igsa running on transparent proxy mode, but its not suite our current
configuration since the igsa will change the ip address to the igsa
appliance. So, i need to change to fully transparent mode which is the
igsa will not change the ip address but unfortunately its not work if i
changed it.

Kindly need experts help to take a look. i attach the screen capture and
diagram for easy to experts understand my network.
 
ip-address.JPG
operation-mode.JPG
static-route.JPG
diagram.JPG
0
Comment
Question by:mrflizo
  • 7
  • 6
14 Comments
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117638
Have you by some chance still got the client prioxy set as the IGSA box? I think in transparent mode you would have no proxy set in your browser. Other than that I can't see anything wrong from your diagram.
0
 

Author Comment

by:mrflizo
ID: 34117653
is it cause of routing table? if i change to fully transparent mode, users cannot access the internet seems the igsa does not replying back to the users. on users pc, i dont set anything since the igsa deployment in inline mode.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117660
If they are as per your screen shots, then they look spot on. Can you ping or manage the IGSA itself from a workstation? If so, then its routing is correct.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117678
Does dns resolution work ok in transparent mode? from a client, try nslookup http://www.google.com or something. Clutching at straws here, it looks right.

Umm, next question, nats and rules on yor external firewall. If the requests are now coming from the clients as source address is it being nated correctly and allowed out?
0
 

Author Comment

by:mrflizo
ID: 34117764
NAT on firewalls are working correctly. i was test to bypass IGSA and its works. on access rule, i must create 2 access rule for accessing internet which is ip address of igsa and user-vlan.

if i disable access rule of igsa ip address it wont work on tranparent proxy mode because user ip address was change to igsa ip address.

i change the igsa to fully transparent mode, then bypass the igsa and its work nicely.

i can ping/access if change the igsa operation mode on fully transparent and proxy mode.

after i change the igsa in fully transparent, the users pc was not able to access internet but if i do the nslookup its works.
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117778
Farid you have got me then. Silly question, have you tried powering off the IGSA, and clearing the arp cache on both the core switch and firewall?
0
 

Author Comment

by:mrflizo
ID: 34117795
not yet i wiil try it now
0
 

Author Comment

by:mrflizo
ID: 34117869
i already try it...but the result its still same
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117872
When you change modes, is the license still active?
0
 

Author Comment

by:mrflizo
ID: 34117901
i was waiting the new license since the license already expired when the box online..is it all about the license?
0
 
LVL 9

Expert Comment

by:Trackhappy
ID: 34117906
It may well be, my Mate here thinks when you change modes it loses teh license and you have to re-apply it. I thought that was just the updates, but check it anyway in case he is right. I just can't see anything in your config from here that is incorrect.
0
 

Author Comment

by:mrflizo
ID: 34118285
i was change it again to fully transparent but the license is still there. i means the license remains.
0
 
LVL 1

Accepted Solution

by:
p3jalz earned 500 total points
ID: 34142799
your gateway  IP address setting is wrong, change it to:

ip: 192.168.99.7, gw: 192.168.99.5.

then create a static route
ip add: 10.0.0.0
sm: 255.0.0.0
gw: 192.168.99.1

you should be able to access to accessing internet with fully transparent mode.

gud luck
0
 

Author Closing Comment

by:mrflizo
ID: 34142801
tq
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How do we balance the user experience (UX) with reasonable security measures? It can be done, if you keep these fundamentals in mind.
The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question