Management interface

[msarzina@yahoo.it]

Hi All

i have this topology in the lab (all Ver R65 OS SecurePlatform)


eth2 eth1 eth1 eth2
ServerA----->fw1---------------->fw2------>ServerB
eth0| eth0|
|--------------------|
|
|------>guiclient
|
|-eth0-SmartcenterZ

on fw1 fw2 and smartcenterZ there is an

eth4

not connected preconfigured with the same ip address 195.12.31.42/32

i start installing the splat+smartcenter via sysconfig configuring the eth0 (i don t change via sysconfig the preconfigured eth4 ip address selected as management interface

the same for the fw1 splat eth0 eth1 eth2 and fw2 splat eth0 eth1 eth2 via sysconfig leaving the eth4 as it is (/32 same ip address and selected as management inetrface)

then i access the dashboard i find the management with the main ip address on the eth0 and in the topology i can see the eth4 in the second line

i start the gateway typing the hostname and the eth0 given via sysconfig ip address, sic works fine the topology is imported succesfully

i define an any to any any service accept log rule

then i push the policy

i start ssh from serverA to serverB everything works fine even the logging in smarttracker

then i define a simple star vpn site to site between the 2 fws center the fw1 satellite the fw2 in the firewall properties i restrict the encryption domain for the NetA and NetB respectively and i change the VPN Link selection on the respectiv e eth1 interface

VPN doesn t work and log stops working

to make VPN and log working i have to run sysconfig and to select the eth0 as management interface on both fws

the question is why initially the routing firewalling an logging is working properly and then after the VPN definition logging and firewalling stop working until i redefine the select management interface from eth4 to eth0?

how management comes in place stopping all the functions only after a VPN definition and until a management ineterface re- selection?



details
on the 3 splat devices

fw1 eth0 192.168.254.101/24
fw1 eth1 172.16.16.1/30
fw1 eth2 192.168.15.1/24

fw2 eth0 192.168.254.102/24
fw2 eth1 172.16.16.2/30
fw2 eth2 192.168.30.1/24

smartcenterZ eth0 192.168.254.100

route on fw1 route 192.168.30.0/24 to fw2-eth1

route on fw2 route 192.168.15.0/24 to fw1-eth1

[Routerkid1]

are you running a cluster, if so post up a cphaprob stat and cphaprob -a if and cphaprob -i list.

[msarzina@yahoo.it]

Actually i am not running a cluster just a single firewall to a single firewall

Marco

[melipla]

Quote:

eth4

not connected preconfigured with the same ip address 195.12.31.42/32

How can eth4 be your "management interface" if its not connected to anything?

The fact that your smartcenter server is on the same network as eth0 is the reason why it you have to change to eth0...

[msarzina@yahoo.it]

You're right, i am only wondering why even non changing the management to eth0 the system works fine until i install a vpn satellite site to site between them