Installing Problems

Discuss and get help to implement a CacheGuard Gateway into your networks
charles
Site Admin
Posts: 41
Joined: 06 Nov 2014 16:23
Location: Paris

Re: Installing Problems

Post by charles »

Hello Tomasz

Could you please save and post your whole configuration? (In the Web GUI use the following menu item: [GENERAL] > [Whole Configuration] > [Load Save Configuration]).

Best Regards,
Charles Tajvidi
IT Technical Architect
http://www.cacheguard.com
Tomek
Posts: 6
Joined: 30 Mar 2016 09:44

Re: Installing Problems

Post by Tomek »

Hi
Conf is:
# CG-OS-NG-1.1.5 configuration file saved at 2016/05/10-15:33:27
# Hardware model: SWG-US20-GR2000000-RU10-RW5-RC30-LR7-UL128-PC1-WL1-RL1

timezone Europe/Warsaw

hostname cacheguard
domainname pl.amx
email admin gateway@example.com
email ftp noreply@example.com

admin tls default
rweb site raz
tls raz
tls add default
admin tls default

admin snmp off
admin ssh on
admin wadmin on
admin waudit on
admin snmp community:encrypted U2FsdGVkX18A8VxVz/P3bfl9h+PrNMkcUfQfTYNjwwk=

admin snmp privacy:encrypted U2FsdGVkX18A8VxVz/P3bfl9h+PrNMkcUfQfTYNjwwk=
admin snmp user admin
admin snmp tls off
admin snmp udp on
admin snmp tcp off
admin snmp trap raz

admin topology internal on
admin topology external on
admin topology auxiliary off

admin user raz

mode router on
mode dns off
mode dhcp off
mode snat on
mode firewall off
mode vlan off
mode ha off
mode qos off
mode web on
mode tweb on
mode rweb on
mode guard off
mode waf off
mode antivirus off
mode authenticate off
mode anonymous off
mode ftppassive on
mode cache on
mode compress off
mode log on

log type web on
log type rweb on
log type guard on
log type antivirus on
log type waf on
log type firewall on

link bond internal raz
link bond external raz
link bond auxiliary raz
link bond internal add eth0
link bond external add eth1

vlan rweb 0
vlan peer 0
vlan file 0
vlan mon 0
vlan web 101
vlan admin 101

ip internal 10.101.1.89 255.255.255.0
ip external 192.168.202.130 255.255.255.0
ip auxiliary 0.0.0.0 0.0.0.0

ip internal.0 0.0.0.0 0.0.0.0
ip internal.101 0.0.0.0 0.0.0.0

vrrp internal raz
vrrp external raz
vrrp auxiliary raz
vrrp web raz
vrrp rweb raz

ip route raz
ip route add default 192.168.202.1

port proxy 8080
port thttp 8081
port tcpeer 8086
port udpeer 8087
port dhcp 8088
port wadmin 8090
port waudit 8091

dns raz
dns add 10.101.1.15
dns add 10.101.1.17

dhcp range raz

dhcp peer raz

ntp raz

peer share raz
peer ha raz
peer next raz
peer previous raz

qos bandwidth internal ingress 1000000
qos bandwidth internal egress 1000000
qos bandwidth external ingress 100000
qos bandwidth external egress 100000
qos bandwidth auxiliary ingress 1000000
qos bandwidth auxiliary egress 1000000
qos shape file internal ingress 10%
qos shape file internal egress 10%
qos shape file external ingress 20%
qos shape file external egress 10%
qos shape file auxiliary ingress 10%
qos shape file auxiliary egress 10%
qos shape peer internal ingress 20%
qos shape peer internal egress 20%
qos shape web internal ingress 10%
qos shape web internal egress 30%
qos shape web external ingress 40%
qos shape web external egress 10%
qos shape rweb internal ingress 40%
qos shape rweb internal egress 10%
qos shape rweb external ingress 10%
qos shape rweb external egress 40%
qos shape tweb internal ingress 10%
qos shape tweb internal egress 20%
qos shape default internal ingress 10%
qos shape default internal egress 10%
qos shape default external ingress 30%
qos shape default external egress 40%
qos shape default auxiliary ingress 80%
qos shape default auxiliary egress 80%
qos shape router raz
qos borrow internal ingress on
qos borrow internal egress on
qos borrow external ingress on
qos borrow external egress on
qos borrow auxiliary ingress on
qos borrow auxiliary egress on

transparent raz
transparent add 10.101.1.0 255.255.255.0 100

access web raz

access file raz
access file add 192.168.202.141

access admin raz
access admin add 10.101.1.0 255.255.255.0
access admin add 192.168.202.0 255.255.255.0
access admin add 10.101.0.0 255.255.0.0

access mon raz
access mon add 10.101.1.1

cache object 1 51200
cache bigobject off

guard ip off
guard rule raz
guard policy raz
guard filter ip raz
guard filter time raz
guard filter ldap raz
guard category raz

firewall external raz
firewall web raz
firewall rweb raz
firewall admin raz
firewall mon raz
firewall file raz
firewall peer raz
firewall auxiliary raz

waf generic protocol_violations off
waf generic protocol_anomalies on
waf generic request_limits on
waf generic http_policy on
waf generic bad_robots on
waf generic generic_attacks off
waf generic xss_attacks off
waf generic sql_injection_attacks off
waf generic tight_security on
waf generic trojans on
waf generic common_exceptions on
waf generic outbound off

waf limit response 512
waf limit request 1024
waf limit assertions 256
waf limit name 128
waf limit value 512
waf limit arguments 65536
waf limit files 131072
waf bypass raz

waf rweb denyurl raz

antivirus auto pl
antivirus maxobject 2048
antivirus pua off

authenticate web on
authenticate rweb off
authenticate mode ldap
authenticate ldap binddn set:encrypted 'cn=admin,dc=example,dc=com' U2FsdGVkX1+UgK5sTHMJwfCzOgUw9H/mUIVmNWsggo4=
authenticate ldap request 'dc=example,dc=com' 'uid' 'userPassword' 'objectClass=inetOrgPerson' 'ou=groups,dc=example,dc=com' 'web'
authenticate ldap server raz

password ftp

Best Regards
david
Posts: 163
Joined: 08 Aug 2015 20:38

Re: Installing Problems

Post by david »

Hi

I just tested your configuration in our lab and it works perfectly. I suspect that some specificity in your network topology prevents CG from working properly. Please double check the connectivity between your Web browser, CG and your Internet router. You should have this:

[WebBrowser] <-----> [(eth0) (CG) (eth1)] <-----> [Internet Router]


Also please check that there is no asymmetric routing in your network for traffic traversing CG.

Best Regards,
David Janeway
CacheGuard Technical Team
https://www.cacheguard.com
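
Added example, not part of the original thread and not CacheGuard code: a Python check that reads the addressing lines of the configuration posted above and reports which configured peers sit outside every directly connected network, since replies to those leave through the default gateway and are the first place to look for asymmetric routing. It assumes ordinary longest-prefix routing with only the routes present in the file, and treats an interface set to 0.0.0.0 as unconfigured; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: addressing lines copied from the configuration posted above.
SAMPLE = """\
ip internal 10.101.1.89 255.255.255.0
ip external 192.168.202.130 255.255.255.0
ip auxiliary 0.0.0.0 0.0.0.0
ip route add default 192.168.202.1
dns add 10.101.1.15
dns add 10.101.1.17
access file add 192.168.202.141
access admin add 10.101.1.0 255.255.255.0
access admin add 192.168.202.0 255.255.255.0
access admin add 10.101.0.0 255.255.0.0
"""

def net(addr, mask="255.255.255.255"):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(text):
    """Return (connected networks by interface, default gateway, named peers)."""
    ifaces, gateway, peers = {}, None, []
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) == 4 and f[0] == "ip" and f[1] in ("internal", "external", "auxiliary"):
            if f[2] != "0.0.0.0":          # assumption: 0.0.0.0 = interface unconfigured
                ifaces[f[1]] = net(f[2], f[3])
        elif f[:4] == ["ip", "route", "add", "default"] and len(f) == 5:
            gateway = net(f[4])
        elif f[:2] == ["dns", "add"] and len(f) == 3:
            peers.append(("dns", net(f[2])))
        elif len(f) in (4, 5) and f[0] == "access" and f[2] == "add":
            peers.append((f"access {f[1]}", net(*f[3:])))
    return ifaces, gateway, peers

def side(n, ifaces):
    """Interface whose connected network contains n, else None."""
    return next((name for name, c in ifaces.items() if n.subnet_of(c)), None)

def check(text):
    ifaces, gateway, peers = parse(text)
    findings = []
    if gateway is None or side(gateway, ifaces) != "external":
        findings.append(f"default gateway {gateway} is not on the external network")
    for label, n in peers:
        if side(n, ifaces) is None:        # only reachable through the default route
            findings.append(f"{label} {n}: no connected route, replies leave via the default gateway")
    return findings
```

An empty list means the gateway, DNS servers and allowed client ranges all sit on directly connected networks, so any remaining fault lies in cabling or upstream routing rather than in these lines.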