12-23-2020 12:50 PM
Hi,
i need some clarity on below scenario.
i want to Utilize M1, P1 & P2 interfaces in WSA S695.
Connectivity Setup.
M1 is set to out of band management.
Firewall gig1/1 IP 192.168.1.2/28------WSA P1 IP 192.168.1.1/28 (virtual IP 192.168.1.3/28)
Firewall gig1/2 IP 192.168.2.2/28------WSA P2 IP 192.168.2.1/28
P1 is using for inbound traffic from user machines to WSA.
P2 is using for outbound traffic to internet from WSA.
suppose if i want identification based authentication for 10.0.0.0/23 clients for proxy, how to setup the routing table for P1 and P2.
P1 is connected to firewall for proxy traffic where clients traffic(explicit proxy) hitting to VIP address 192.168.1.3.
Solved! Go to Solution.
12-24-2020 02:22 AM
Firewall gig1/1 IP 192.168.1.2/28------WSA P1 IP 192.168.1.1/28 (virtual IP 192.168.1.3/28)
above one is not clear to me. explain more.
i want to Utilize M1, P1 & P2 interfaces in WSA S695. - this is standard setup
M1 for MGMT
P1 inside
P2 Outside - you setup this routing to go out.
suppose if i want identification based authentication for 10.0.0.0/23 clients for proxy,
there is 2 ways you can do here.
Option 1 :
You need to create identity profile with the subnet
create a access policy what action required, what is allowed and what is not allowed.
Option 2 :
If you have any other authentication based network like AD, you can use that as source and make access policy, which ever works for business.
deployment guide still valid for reference :
my blog has some videos for reference
12-24-2020 02:22 AM
Firewall gig1/1 IP 192.168.1.2/28------WSA P1 IP 192.168.1.1/28 (virtual IP 192.168.1.3/28)
above one is not clear to me. explain more.
i want to Utilize M1, P1 & P2 interfaces in WSA S695. - this is standard setup
M1 for MGMT
P1 inside
P2 Outside - you setup this routing to go out.
suppose if i want identification based authentication for 10.0.0.0/23 clients for proxy,
there is 2 ways you can do here.
Option 1 :
You need to create identity profile with the subnet
create a access policy what action required, what is allowed and what is not allowed.
Option 2 :
If you have any other authentication based network like AD, you can use that as source and make access policy, which ever works for business.
deployment guide still valid for reference :
my blog has some videos for reference
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide