Search found 33 matches

by anders s
08 Sep 2014, 16:00
Forum: SG Discussions
Topic: best practice for multiple L2TP VPNs
Replies: 2
Views: 2029

Re: best practice for multiple L2TP VPNs

You could set up different VPN tunnels; this requires multiple external IPs and cOS Core 10.20 or later. If the users are in the same authentication source, you can use the same VPN and filter the rules on user authentication.

by anders s
03 Jun 2014, 16:38
Forum: SG Discussions
Topic: VLANs between Interfaces
Replies: 2
Views: 2237

Re: VLANs between Interfaces

You need to enable Proxy ARP on the routes for the VLANs. You should also use an interface Group with security/transport equivalent in the IP rules so that wireless clients can roam between the interfaces without losing connections. It won't work if the AP relies on broadcast to find the controller.

by anders s
05 Dec 2013, 10:43
Forum: InControl Discussions
Topic: Log Analyzer results
Replies: 3
Views: 3681

Re: Log Analyzer results

Application Usage only contains information about identified applications, so traffic from any rules without application Control will not be included. I have also noticed a lot of traffic to Google, even when looking at destination IP I see a lot of traffic on port 80 to IPs with PTR of cache.google....

by anders s
05 Dec 2013, 10:30
Forum: SG Discussions
Topic: HTTPS ip policy with multiple WAN IP
Replies: 3
Views: 2666

Re: HTTPS ip policy with multiple WAN IP

If you want to use a destination IP that is published on interface G1 then destination interface would be G1. Only the IP that is set on an interface is associated with the core interface; ARP published IPs are associated with the interface they are published on. Clear huh? :) So the policy would ...

by anders s
29 Jul 2013, 14:44
Forum: SG Discussions
Topic: Problem with Clavister E7 with 2 WAN
Replies: 1
Views: 1679

Re: Problem with Clavister E7 with 2 WAN

You probably need to add a routing rule. Depending on how you placed the routes it may look something like this

add RoutingRule SourceInterface=g2 SourceNetwork=all-nets DestinationInterface=any DestinationNetwork=all-nets service=all_services ForwardRoutingTable=main ReturnRoutingTable=Default

by anders s
28 May 2013, 15:52
Forum: SG Discussions
Topic: SAT/NAT rule help!
Replies: 7
Views: 8642

Re: SAT/NAT rule help!

For future reference the rules should be something like this:

4 | sat_any-core_http | SAT | any | all-nets | core | 83.252.XXX.XXX | http-all
6 | nat_lan-core_http | NAT | lan | lannet | core | 83.252.XXX.XXX | http-all
5 | allow_any-core_http | Allow | any | all-nets | core | 83.252.XXX.XXX | http-all

by anders s
13 Feb 2013, 11:03
Forum: SG Discussions
Topic: HA VPN sync
Replies: 1
Views: 2088

HA VPN sync

The documentation for 10.11 is ambiguous: has the problem with state synchronization of IPsec been fixed in 10.11? cOS Core Administration guide 10.11.01 VPN Tunnel Synchronization In an HA cluster, there is synchronization between the master and slave Clavister Security Gateways for all VPN communi...

by anders s
18 Jan 2013, 09:19
Forum: SG Discussions
Topic: Strong authentication for vpn
Replies: 2
Views: 3048

Re: Strong authentication for vpn

A cheaper solution is to use L2TP over IPsec with client certificate authentication for IPsec (against the Clavister) and username/password authentication for L2TP (against RADIUS). The client settings for this can be pushed with group policy preference. I haven't tested it on Mac but it should work...

by anders s
03 Sep 2012, 09:15
Forum: Feature Requests / Product Enhancements
Topic: LLDP/CDP
Replies: 1
Views: 1973

LLDP/CDP

Support for LLDP and/or CDP would greatly simplify troubleshooting VLAN configuration of switches, especially in HA configurations where all interfaces have the same MAC address.

by anders s
16 Jul 2012, 12:41
Forum: SG Discussions
Topic: cOS Core 10.10.00 for VMware
Replies: 3
Views: 1877

Re: cOS Core 10.10.00 for VMware

You can install the 10.00.00 VMware image and upgrade with 10.10.00 for x86