Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Dual Home Network

Created: 29 Apr 2010 • Updated: 03 Nov 2010 | 5 comments
Rafael.Gomes's picture

Does the SWG support (on inline mode) the inspection/block of two differente ranges ?

I got two networks that i want to monitor (10.0.0.0 and 192.168.0.0) and these networks are on differente interfaces at the corporate firewall, one interface for each range. Is possible to put the SWG on inline mode and monitor different networks? Do i need to use another box to monitor each range ?

Thanks for the help !

Discussion Filed Under:

Comments 5 CommentsJump to latest comment

Sergi Isasi's picture

Rafael,

If the two networks and their default gateways are discrete, you can dual home on the larger SWG-8490 appliance.  This appliance has two inline interfaces for this exact purpose.

SI

Senior Product Manager - Web Gateway

Rafael.Gomes's picture

Hi Sergi !

Thanks for the reply !

I do not understand what you mean by a "discrete gateway".

The default gateway have two interfaces that interconnect both networks on the same box.

I connected each network on different pair of network (WAN/LAN) at the SWG appliance (8490), and i'm not able to bypass the traffic for 192.168.0 network.

The default Gateway for the networks 192.168.10.0 and 10.0.0.0 is the same.

Thanks for your help !

Sergi Isasi's picture

Ah you answered your question.  I mean that the default gateway for each IP segment has to be unique and on a different subnet.  If each network is using the same default gateway, that is not supported as a dual homing configuration for SWG at this time.

Senior Product Manager - Web Gateway

Rafael.Gomes's picture

Hi Sergi !

I posted a wrong information.

The default gateway is the same for both networks, but the ip address (of default gateway) for the networks are different.

For 192.168.0.0 network the default gateway is 192.168.0.x and for 10.0.0.0 is 10.0.0.2.

Assuming this topology, is a supported way to monitor both networks ?

I must check "separated management and inline networks" ?

I try to monitor using the configuration above and the traffic for 192.168.0.0 cannot bypass through the SWG.

thanks !!!
 

Sergi Isasi's picture

OK in this case, YES you should be able to monitor both networks with an SWG-8490.  One thing I forgot to mention is that to enable Dual Homing, SWG must have a dedicated MGMT IP as well.

If you check Enable Separate Management and Inline Networks, the option will be there to Enable Dual Homing as well.

Senior Product Manager - Web Gateway