10-22-2008 03:35 AM
Hi,
To acheive some level of network layer redundancy, we would like to have at least two nics that are used to proxy on our s650 (other than the management port). Therefore, it would be logical to just patch another nic into P2 (however I am aware that the Ironport system does not recognise this configuration, as P2 is currently only used as an outbound port for passthrough proxying, I beleive.)
I've just noticed this post on the thread announcing GA of 5.6.0;
To enhance the security of the WSA, we explicitly prevent the WSA from proxying requests on the P2 interface. Customers who need this functionality may want to wait for the 5.6.2 release, which will support this configuration.
10-22-2008 05:11 PM
Shane,
It sounds like what you're looking for is dual homing. This is not what the functionality of 5.6 calls for.
Let me clarify what it is that you're asking for, before I file an enhancement. :D
Which are you looking to do:
1. Both P1 and P2 are plugged into your
or
2. Both P1 and P2 are plugged in and assigned their own IPs on their own respective subnets. Each able to accept client HTTP requests to proxy.
10-24-2008 01:25 AM
Hi Josh,
Thanks for the response. Yes, we are after option 1. I should've just mentioned dual-homing, and saved the confusion.
For us, it seems a bit of a waste to have the P2 port sitting there unused. We have already had an instance where a contractor knocked the cable that plugs into P1, and it disconnected. Obiviously, this resulted in an outage of our internet. Had the P2 port been provisioned with dual homing, this would not have occured.
It seems to be a logical step to me ... we do it with all our other servers in our environment. Any service that is even remotely important is setup with teamed nics, quite often with each nic patched into a different switch (but on the same subnet, with the same ip). This also prevents outages of the service if one switch fails. With all of the other redundancy in the s650 (power supplies, raid etc), the single proxying nic is the obvious possible point of failure for us.
Cheers ....
Shane
10-24-2008 03:59 PM
Shane,
I have filed the following enhancement request for proper dual homing: 45270.
It is in our database and will be tracked. Please communicate with your sales representative and inform them of your desire for this feature.
01-07-2009 06:37 PM
Shane,
It sounds like what you're looking for is dual homing. This is not what the functionality of 5.6 calls for.
Let me clarify what it is that you're asking for, before I file an enhancement. :D
Which are you looking to do:
1. Both P1 and P2 are plugged into your. Only one IP address is assigned to BOTH interfaces. P1 one will be used unless it goes down, in which P2 will take over.
or
2. Both P1 and P2 are plugged in and assigned their own IPs on their own respective subnets. Each able to accept client HTTP requests to proxy.
01-08-2009 03:53 PM
Wage,
You should be able to proxy using M1 and P1 without any problems. P2 does not listen for clients by default (to prevent having an open proxy - P2 is intended to be the "outside / public" interface).
01-08-2009 04:25 PM
i would like to connect one interface to a certain vlan and another interface to another vlan, is this possible?
01-09-2009 03:44 PM
Wage,
There is no reason why it wouldn't work, assuming proper routing. Be aware that certain services, like authentication traffic to an AD server will use the M1 interface.
12-07-2023 02:45 AM
I have the same problem as you,
I have just deployed a pair of swa s395 units and have used P1 for internet/interface outside and P2 for internal interface/users.
When I point to the VIP proxy interface IP or interface IP directly, this P2 does not respond to HTTP/S requests.
With support we enable listening, with the following CLI configuration.
configuration >advancedproxyconfig>MISCELLANEOUS>Do you want proxy to listen on P2? [N]> yes
I still have the same problem again.
12-07-2023 04:14 AM
can you please try to get Packet capture , with no filter in the WSA and try to generate both HTTP and HTTPS traffic from browser which is pointing at Virtual IP and same test with the browser pointing at P2 interface IP address please,
kindly share your finding or PCAP with us.
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide