Ironport WSA - Management interface

cdicesare · ‎09-26-2011

Hello,

I have installed one Ironport WSA appliance for my customer.

I would configure the following interface :

-M1 : for the management

-P1 : for the production interface

-T1 : for L4 inspection

I have specified a default route for M1 and P1.

When I tryed to ping Internet or perform an update of the WSA, I watched the request exit by the M1 interface.

It doesn't work because the management network can't exit in Internet (it's the policy of the customer).

-It's normal that the upgrade of WSA and the ping exit by the M1 interface ?

-If I want perform authentication in NTLM (with an AD domain) the request with the server and the client is performed with P1 or M1 ?

-The upgrade of antivirus & sensor base use M1 or P1 ?

-I thinked that M1 was only used for the management of the WSA (SSH and HTTPS).

-How the WSA appliance can manage two default routes ?

Can you give me more information about M1 and P1 and the role of each one ?

Best Regards

Cédric

Ken Stieers · ‎09-28-2011

You can change the route that the update and upgrades use by going to System Adminstration>Upgrade and Update Settings. Then click on the "Edit Update Settings". You can pick the routing table/interface here. By default its set to the managment interface.

I'm fairly sure that the NTLM traffice from the WSA to the domain is via the managment interface.

P1 is for the proxy traffic. Whatever way you get internet traffice to the box, it goes through P1, in and out (unless you use P2)

M1 is for all of the other stuff: web management, ssh, updates, ldap/ntauth, etc.