Search found 19 matches

by Aron
10 Nov 2014, 17:28
Forum: SG Discussions
Topic: IP rule to allow traffice from core interface
Replies: 3
Views: 2201

Re: IP rule to allow traffice from core interface

No ip rule or policy is needed to allow traffic being sent from Core (the firewall).
However, traffic sourced from the firewall itself will be using the main routing table for route lookups.

Do you have an all-nets route in the main routing table?
by Aron
28 Aug 2014, 17:52
Forum: SG Discussions
Topic: How to enable trace for specific IP on Clavister Firewall SG
Replies: 1
Views: 1786

Re: How to enable trace for specific IP on Clavister Firewal

You can always search in the firewall logs, filtering on the source ip. Another and very powerful way to troubleshoot and verify that traffic is reaching and passing through the firewall is to use the pcapdump CLI command. This syntax for example is very useful; "pcapdump -start -out-nocap -ip <ip a...
by Aron
13 Jun 2014, 08:29
Forum: SG Discussions
Topic: Multiple Subnet same Vlan
Replies: 1
Views: 1514

Re: Multiple Subnet same Vlan

Hello, You will need to create another route for the new subnet on the VLAN interface, then under the "Local IP" setting you configure the ip address you want the firewall to use for ARP queries and ARP responses for hosts on this subnet. You could say that the Local IP will work as an extra interfa...
by Aron
30 Apr 2014, 19:10
Forum: SG Discussions
Topic: Route traffic on gateway behind IPSec tunnel
Replies: 1
Views: 1886

Re: Route traffic on gateway behind IPSec tunnel

Hi, You will need to add the network behind the OpenVPN client to be part of the encryption domain between GW1 and GW2, so the traffic is allowed to pass, alternative you can use all-nets as local and remote network on the tunnel between GW1 and GW2, just remember to uncheck the box "Add route stati...
by Aron
10 Dec 2013, 17:10
Forum: InControl Discussions
Topic: Application Control
Replies: 1
Views: 2193

Re: Application Control

The issue you have encountered seems to correlate with a reported defect. The application is successfully identified but no bandwidth shaping occurs when more than one application filtering group is selected. The reported defect id is COP-13439. Sorry for the inconvenience caused by this. Best regar...
by Aron
09 Sep 2013, 10:23
Forum: SG Discussions
Topic: Push routes to IPSEC/L2TP users
Replies: 1
Views: 3395

Re: Push routes to IPSEC/L2TP users

The built-in L2TP client in Windows XP sends a DHCP Inform once the tunnel is established. I am not sure if this applies to L2TP clients in others Windows versions or operative systems. So if you want to use split tunneling, what you can try with is on the Clavister configure a DHCP server to listen...
by Aron
16 Aug 2013, 18:43
Forum: SG Discussions
Topic: Migrate from single SG to HA... best way...
Replies: 1
Views: 1711

Re: Migrate from single SG to HA... best way...

In my opinion, the easiest way to build a HA cluster from a stand alone unit is to first enable the HA functionality and configure all the shared and private ip´s on the stand alone unit. The interface ip will in a HA setup be the shared ip and the private ip´s will be used for traffic sourced or de...
by Aron
29 May 2013, 08:26
Forum: SG Discussions
Topic: SAT/NAT rule help!
Replies: 7
Views: 8199

Re: SAT/NAT rule help!

SAT rules rewrites the destination or source ip and/or port in the ip-header, but it does not allow the packet for further processing, for that you must have a Allow/FwdFast/NAT -rule. The Core interface belongs to the firewall itself, from the firewalls perspective all interface ip´s are routed on ...
by Aron
27 Aug 2012, 11:47
Forum: SG How to's
Topic: How to setup a L3 bridge over IPsec (9.x)
Replies: 0
Views: 2805

How to setup a L3 bridge over IPsec (9.x)

This HowTo applies to: Clavister Security Gateway 9.x Scenario: I have two Clavister Security Gateways with the same subnets behind both and hosts one one side needs to access resources on the other side. I want to use my IPSec tunnel as a Layer 3 bridge between two Clavister Security Gateways. Thi...