nic configuration issue

Discuss and get help to implement a CacheGuard Gateway into your networks
gcnivas
Posts: 2
Joined: 21 Jun 2017 13:23

nic configuration issue

Post by gcnivas »

Hi,

I am trying to configure CacheGuard and running into problems while applying the settings.
I have a single network 192.168.50.0. The gateway 50.1 was terminated at the firewall. Please advise how I should configure the two NICs. When I assign two IPs of the same network for internal and external, it returns the errors below:
*** Error 203 - The appliance IP addresses cannot belong to overlapped networks.
*** Error 206 - Gateways in the routing table should be connected to the appliance.
*** Error 200 - Integrity error.

For testing purposes, I have created a VLAN and configured one from each network. Now error 203 is gone but the remaining two errors are still there.

The reason for evaluating CacheGuard is to check the functionality of the web proxy feature, whether it can restrict access to consumer Google accounts while allowing access to a specified domain hosted on Google (Google Apps). In other words, work email hosted on Google should work and personal Gmail should be blocked. If this can be achieved, we can work further on the licensing part.


Thanks,
Sreenivas
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: nic configuration issue

Post by david »

Hi,

Thank you for your post. Can you please give me the output of the following commands:

ip
ip route

FYI, as CG operates as a firewall/router/transparent proxy, its internal and external interfaces should belong to distinct networks. In your case your routing table should contain a gateway that is not directly connected to the appliance. Gateways should belong to the internal, external or auxiliary networks. In the case where you have activated the VLAN mode (mode vlan on), gateways can, moreover, belong to networks associated with (802.1q) tagged VLANs.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
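
The two rules stated in the reply above (appliance interfaces on distinct networks, every gateway on a directly connected network), modelled as an added Python example that is not CacheGuard's own validation code. The function name, the dictionary layout and the sample addresses are constructed for illustration; only the error numbers 203 and 206 come from the thread.

```python
import ipaddress


def check_appliance_config(interfaces, gateways):
    """interfaces: {name: (ip, netmask)}; gateways: list of gateway IPs.

    Returns a list of (error_code, message); an empty list means both
    rules hold. Hypothetical helper, not part of any CacheGuard API.
    """
    errors = []
    nets = {}
    for name, (ip, mask) in interfaces.items():
        if ip == "0.0.0.0":          # treated here as "not configured"
            continue
        nets[name] = ipaddress.ip_interface(f"{ip}/{mask}").network

    # Rule behind error 203: no two interface networks may overlap.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                errors.append((203, f"{a} {nets[a]} overlaps {b} {nets[b]}"))

    # Rule behind error 206: each gateway must sit on a connected network.
    for gw in gateways:
        addr = ipaddress.ip_address(gw)
        if not any(addr in net for net in nets.values()):
            errors.append((206, f"gateway {gw} is not on a connected network"))
    return errors


# Constructed sample configurations.
MASK = "255.255.255.0"
SAME_NET = {"internal": ("192.168.50.100", MASK),
            "external": ("192.168.50.101", MASK)}
DISTINCT = {"internal": ("192.168.50.100", MASK),
            "external": ("192.168.100.100", MASK),
            "auxiliary": ("0.0.0.0", "0.0.0.0")}

if __name__ == "__main__":
    for label, ifaces, gws in [
        ("both NICs on one network", SAME_NET, ["192.168.50.1"]),
        ("distinct networks, unreachable gateway", DISTINCT, ["10.0.0.1"]),
        ("distinct networks, connected gateway", DISTINCT, ["192.168.100.1"]),
    ]:
        print(label, "->", check_appliance_config(ifaces, gws) or "OK")
```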
gcnivas
Posts: 2
Joined: 21 Jun 2017 13:23

Re: nic configuration issue

Post by gcnivas »

Hi,

I have deleted the old configuration and did the setup again. Somehow, I am now able to browse the appliance through a browser on the external IP.

Could you please confirm whether the requirement that I have shared can be achieved by CG? I mean, intercepting HTTPS traffic and inserting a custom header into all the traffic sent to Google, so that access is allowed to only the allowed domains on Google and access to consumer Gmail accounts is blocked.

Reference article from Google: https://support.google.com/a/answer/1668854?hl=en

Below are the results for ip and ip route:

admin@cacheguard> ip

ip internal 192.168.50.100 255.255.255.0
ip external 192.168.100.100 255.255.255.0
ip auxiliary 0.0.0.0 0.0.0.0
ip internal.0 0.0.0.0 0.0.0.0

admin@cacheguard> ip route

ip route default 192.168.100.1 50

Thanks,
Sreenivas
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: nic configuration issue

Post by david »

Hi,

In answer to your question, in forwarding mode (i.e. CG is implemented in front of Web end-users) CG can allow or deny Web traffic according to policies and guarding rules. Guarding rules are based on domain names, URLs and regular expressions (that describe a URL). In other words, CG does not inspect or insert headers to guard against websites in forwarding mode.

If you can differentiate "consumer gmail accounts" and "other Google domains" by using regular expressions, domain names and URLs then CG meets your requirement. Otherwise I'm afraid that it would not be possible (at least with the current version).

If you need more information regarding this requirement, please create a new topic in the "Configure the URL Guarding" section.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com