Purview appliance with more interfaces on different subnets
‎03-22-2016 02:40 PM
Hi, is it possible to deploy the Purview appliance with more interfaces on different subnets, or under a NAT device with respect to the Purview Sensor? In my scenario I've got a NAT device between my internal LAN, where I've got the ExtremeControl and the ExtremeAnalytics appliance (virtual), and the coreflow2 switch, which is on another subnet and which I reach through the NAT device. As a test, I've NATted 1-1 the Extreme Analytics appliance and I've used the NAT IP address as the remote GRE endpoint on the coreflow2 switch. In this test I see the GRE packets on the external interface of the NAT\router, but nothing reaches my internal Purview appliance. How is it possible to use Purview in a deployment like that? Thanks
16 REPLIES 16
‎03-29-2016 11:48 AM
Your eth0 address is 192.168.10.102, and your GRE tunnel is from the SSA to the Purview appliance (not the post-NAT address), so I'm assuming the 192.168.1.x address.
Also, this would be the same destination interface that the NetFlow would go to.
‎03-29-2016 10:17 AM
I forgot to say before that if I attach a PC to the same switch where the ge.1.1 interface of my SSA sensor is attached and I use a NetFlow version 9 packet generator, I see the packets on my Purview appliance... It seems that my SSA sensor doesn't send the NetFlow packets out...
‎03-29-2016 06:44 AM
Thanks Matthew, I'll try to do as you suggest. Thanks
‎03-29-2016 06:04 AM
You should be able to accomplish this with option 3: Interface Tunnel Mirrored, and put that second interface on the 192.168 network. If you cannot set a different subnet mask, this is a bug and should be followed up with GTAC. As a workaround, you configure both this way for the same subnet mask and then later manually go back and change the mask in the system config files.
‎03-29-2016 05:45 AM
In the first case, where I move the SSA management onto the 172.29/16 network, I've got a switch that has one NIC (the one that receives the mirror traffic) on the internal LAN and the management NIC on the demo lab, and I know that in this case it is secure, but under our policy I need to pass through the internal firewall (someone fears that if a hacker corrupts the switch, they can pass between the two networks without passing through the firewall). Regarding adding a second NIC to the Purview engine, I can't, because I've tried to do this, but I've got networks with different masks and the wizard on the Purview engine wants me to use the same mask on all the interfaces... probably I need to configure this scenario in manual mode...
