  1. #11 (Newbie, joined Apr 2012, 1 post)

    Quote Originally Posted by ozricxx:
    I am new to this company's network.

    At this time it's like this:

    There is a Windows Domain with 1 NAS and a few Servers and 2 DCs. All Servers are located in 10.0.2.0/255.255.0.0.
    The Windows Workstations get 10.0.4.0/255.255.0.0 addresses from the Windows DC DHCP, and the DC is also the internal DNS Server.

    All network things like pfSense (which, this time, I want to replace with Untangle) and the Switches (all managed and connected with a fibre channel backbone) are in 10.0.1.0/255.255.0.0.

    In 10.0.3.0/255.255.0.0 are a few network printers and scanners.

    I know this is a bad solution; it's not my work.

    What is your recommendation for a secure and working solution to get the Windows domain working, tunnel the Windows workstation traffic and the WiFi traffic through Untangle, and bring the Untangle DHCP only to the WiFi clients (VLAN 100)?
    One thing I see, you're saying this:

    10.0.1.xx - mgmt vlan
    10.0.2.xx - servers, dc/bdc's etc
    10.0.3.xx - printers, scanners, etc.
    10.0.4.xx - users

    Is this correct? If so,
    your subnet mask would be 255.255.255.0,
    not 255.255.0.0; that might be one issue.

    I'm assuming (not safe to do) that the 10G
    interface coming into the VM host is set up
    as a trunk doing VLAN tagging.

    Granted, this is purely speculation, as I'm not sure
    of your topology, data paths, routers/firewalls in
    the system and so on.

    Maybe a sanitized quick 100000 foot drawing might help.

    On my ESX PoC setup, I've got Untangle/pfSense/IPFire/ASG
    and a few others running, that I was testing for various
    projects, and I don't have any of these issues.

    My test setup of my HP C7000 blade center and its dual
    attached 10G interfaces isn't fully configured (awaiting
    a NetApp and a few other parts), or I'd try it there.
    We've got 20 HP C7000 blade centers in production,
    each with dual attached 10G uplinks.

    A picture is worth 10000000000 words, as long as you've
    got your data flows and such. Once you have that, you
    can plan routes, firewall rules, NATing and such.

  2. #12 (Untangler, joined Dec 2010, 83 posts)

    Hello,
    Make sure you disconnect your interfaces in the Untangle, and in the Untangle Wizard choose Transparent Mode instead of Transport Mode ("Route Mode"). In Router mode, Untangle will present itself as a default router in the network and all existing traffic is assumed to pass through Untangle. In most deployments, if Untangle sits behind a Router/Firewall, Untangle must be deployed in Transparent Mode.

    I'm behind Checkpoint firewalls, application switches, and Passport core switches. When I first deployed Untangle, the default was Transport Mode. As soon as I finished the Deployment Wizard, the entire network went down and I could not reach anywhere, not even the ESX Server iLO console to shut down the Untangle VM; even the MLT configured between the Edge Switches and the Passport went down. The only way that allowed me to overcome this issue was to re-enable the MLT between the Passport and the Edge Switches.

    I disconnected the interfaces in the Untangle VM, booted it up and re-ran the wizard again in Transparent Mode. So far it's working as a test in my production and I'm happy with it as a pre-deployment in my production to replace the current MicroCrap ISA Server.

    Thanks,
    Hussain

  3. #13 (Untangler, joined Dec 2010, 83 posts)

    Hi once again,
    I have just noticed you are using multiple VLANs and you are wishing to allow all traffic to go via Untangle. Where does your current default static route map to? Does it point to the pfSense? 0.0.0.0 mask 0.0.0.0 "pfSenseIP"?

    If yes, then you need to deploy Untangle with at least 1 WAN connection and 1 Internal Interface. The Internal Interface should be beside your "Servers" and coming from the core switch or from the L3 switch, where it can be reached from different VLANs and Untangle can reach them. The inter-VLAN routing must be done in the L3 switch itself, and you will need to enter a static route in Untangle for each VLAN/subnet that needs to reach the Untangle Internal Interface.

    If you go to Config -> Network -> Interfaces and you edit the Internal Interface (make sure you are in Advanced Mode, otherwise you will not be able to edit the Interface), in the IP Address Aliases section you can add your VLANs that need to reach Untangle and that Untangle needs to reach.

    Or you can go to Advanced --> Routes and add the VLAN that needs to reach the Untangle Internal Interface. Note: here you need to point your VLAN to the IP address of the VLAN interface that is configured on the Internal Interface, otherwise you will not reach Untangle nor will Untangle reach there.

    For example, if you configured the Untangle Internal Interface on 10.0.2.40, in the Routes you should enter 10.0.4.0/16 via 10.0.2.1 (assume this is the Interface IP of the VLAN).

    Hope it helps.

    Thanks,
    Hussain
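The subnet masks from the original question (post #11) and the example static route in post #13, checked with Python's ipaddress module. This is an added example, not code from the thread or from Untangle; the subnet names, the masks as posted and the 10.0.2.40 interface address come from the posts, and the /24 mask is the one post #11 suggests.

```python
import ipaddress

# Constructed from the subnets listed in the thread, with the masks as posted.
AS_POSTED = {
    "mgmt": "10.0.1.0/255.255.0.0",
    "servers": "10.0.2.0/255.255.0.0",
    "printers": "10.0.3.0/255.255.0.0",
    "users": "10.0.4.0/255.255.0.0",
}


def parse_networks(plan):
    """Map each name to the network its mask really describes.

    ip_interface keeps the host bits the poster wrote (10.0.2.0 under a
    255.255.0.0 mask) and derives the network from the mask, so the
    'servers' entry resolves to 10.0.0.0/16 rather than 10.0.2.0/16."""
    return {name: ipaddress.ip_interface(cidr).network
            for name, cidr in plan.items()}


def overlapping_pairs(plan):
    """Return every pair of named subnets that overlap each other."""
    nets = parse_networks(plan)
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]


def with_mask(plan, mask):
    """Rewrite every entry of the plan with a different dotted mask."""
    return {name: cidr.split("/")[0] + "/" + mask for name, cidr in plan.items()}


def route_is_sane(iface_cidr, dest_cidr, gateway):
    """Sanity-check a static route of the form 'dest via gateway'.

    The gateway must sit on the interface's own subnet, and the destination
    must not contain the interface's own address (otherwise the box would be
    told to route traffic for its own subnet through a next hop)."""
    iface = ipaddress.ip_interface(iface_cidr)
    dest = ipaddress.ip_interface(dest_cidr).network
    gw = ipaddress.ip_address(gateway)
    return gw in iface.network and iface.ip not in dest


if __name__ == "__main__":
    print("overlaps as posted:", overlapping_pairs(AS_POSTED))
    print("overlaps with /24:", overlapping_pairs(with_mask(AS_POSTED, "255.255.255.0")))
    print("route 10.0.4.0/16 via 10.0.2.1:", route_is_sane("10.0.2.40/24", "10.0.4.0/16", "10.0.2.1"))
```

With the posted masks all four names collapse into the single network 10.0.0.0/16, so every pair overlaps; with 255.255.255.0 they are four disjoint /24s, and the /16 route from post #13 fails the check because it would cover the Untangle interface itself.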
