Hi All,
Below is the network scenario
-------->vlan10
Fw--->l3 --------->vlan20----->CR
---------->Vlan30
Here Firewall is connected to a l3 switch which is capable to do inter-vlan routing. Customer is not ready to make any changes.
Cyberoam has be configured to place in the server vlan 20. The gateway of all these server is vlan interface on the L3 i.e. 192.168.20.1
To deploy the Cyberoam in the single arm proxy you need to get a free IP from the Vlan 20 network and assign in to PORT A of the appliance.
Port B--->Any dummy IP address and the gw of the port B will be any dummy IP address
In the Cyberoam Network--->static routes, you need to add following route:
destination network : 0.0.0.0/0.0.0.0
interface Port: Port A
Next Hop: 192.168.20.1
Users in other vlans will be using the CR IP in their browsers.
So traffic path from the Vlan 30 ---->l3---->CR(port A-IN)--->scanning done---->Port A (OUT due to static route)---->L3--->FW---internet
and the return path will also be same.
Below is the network scenario
-------->vlan10
Fw--->l3 --------->vlan20----->CR
---------->Vlan30
Here Firewall is connected to a l3 switch which is capable to do inter-vlan routing. Customer is not ready to make any changes.
Cyberoam has be configured to place in the server vlan 20. The gateway of all these server is vlan interface on the L3 i.e. 192.168.20.1
To deploy the Cyberoam in the single arm proxy you need to get a free IP from the Vlan 20 network and assign in to PORT A of the appliance.
Port B--->Any dummy IP address and the gw of the port B will be any dummy IP address
In the Cyberoam Network--->static routes, you need to add following route:
destination network : 0.0.0.0/0.0.0.0
interface Port: Port A
Next Hop: 192.168.20.1
Users in other vlans will be using the CR IP in their browsers.
So traffic path from the Vlan 30 ---->l3---->CR(port A-IN)--->scanning done---->Port A (OUT due to static route)---->L3--->FW---internet
and the return path will also be same.
No comments:
Post a Comment