Hello Tomasz
Could you please save and post your whole configuration? (In the Web GUI use the following menu item: [GENERAL] > [Whole Configuration] > [Load Save Configuration]).
Best Regards,
Installing Problems
Re: Installing Problems
Hi
Conf is:
# CG-OS-NG-1.1.5 configuration file saved at 2016/05/10-15:33:27
# Hardware model: SWG-US20-GR2000000-RU10-RW5-RC30-LR7-UL128-PC1-WL1-RL1
timezone Europe/Warsaw
hostname cacheguard
domainname pl.amx
email admin gateway@example.com
email ftp noreply@example.com
admin tls default
rweb site raz
tls raz
tls add default
admin tls default
admin snmp off
admin ssh on
admin wadmin on
admin waudit on
admin snmp community:encrypted U2FsdGVkX18A8VxVz/P3bfl9h+PrNMkcUfQfTYNjwwk=
admin snmp privacy:encrypted U2FsdGVkX18A8VxVz/P3bfl9h+PrNMkcUfQfTYNjwwk=
admin snmp user admin
admin snmp tls off
admin snmp udp on
admin snmp tcp off
admin snmp trap raz
admin topology internal on
admin topology external on
admin topology auxiliary off
admin user raz
mode router on
mode dns off
mode dhcp off
mode snat on
mode firewall off
mode vlan off
mode ha off
mode qos off
mode web on
mode tweb on
mode rweb on
mode guard off
mode waf off
mode antivirus off
mode authenticate off
mode anonymous off
mode ftppassive on
mode cache on
mode compress off
mode log on
log type web on
log type rweb on
log type guard on
log type antivirus on
log type waf on
log type firewall on
link bond internal raz
link bond external raz
link bond auxiliary raz
link bond internal add eth0
link bond external add eth1
vlan rweb 0
vlan peer 0
vlan file 0
vlan mon 0
vlan web 101
vlan admin 101
ip internal 10.101.1.89 255.255.255.0
ip external 192.168.202.130 255.255.255.0
ip auxiliary 0.0.0.0 0.0.0.0
ip internal.0 0.0.0.0 0.0.0.0
ip internal.101 0.0.0.0 0.0.0.0
vrrp internal raz
vrrp external raz
vrrp auxiliary raz
vrrp web raz
vrrp rweb raz
ip route raz
ip route add default 192.168.202.1
port proxy 8080
port thttp 8081
port tcpeer 8086
port udpeer 8087
port dhcp 8088
port wadmin 8090
port waudit 8091
dns raz
dns add 10.101.1.15
dns add 10.101.1.17
dhcp range raz
dhcp peer raz
ntp raz
peer share raz
peer ha raz
peer next raz
peer previous raz
qos bandwidth internal ingress 1000000
qos bandwidth internal egress 1000000
qos bandwidth external ingress 100000
qos bandwidth external egress 100000
qos bandwidth auxiliary ingress 1000000
qos bandwidth auxiliary egress 1000000
qos shape file internal ingress 10%
qos shape file internal egress 10%
qos shape file external ingress 20%
qos shape file external egress 10%
qos shape file auxiliary ingress 10%
qos shape file auxiliary egress 10%
qos shape peer internal ingress 20%
qos shape peer internal egress 20%
qos shape web internal ingress 10%
qos shape web internal egress 30%
qos shape web external ingress 40%
qos shape web external egress 10%
qos shape rweb internal ingress 40%
qos shape rweb internal egress 10%
qos shape rweb external ingress 10%
qos shape rweb external egress 40%
qos shape tweb internal ingress 10%
qos shape tweb internal egress 20%
qos shape default internal ingress 10%
qos shape default internal egress 10%
qos shape default external ingress 30%
qos shape default external egress 40%
qos shape default auxiliary ingress 80%
qos shape default auxiliary egress 80%
qos shape router raz
qos borrow internal ingress on
qos borrow internal egress on
qos borrow external ingress on
qos borrow external egress on
qos borrow auxiliary ingress on
qos borrow auxiliary egress on
transparent raz
transparent add 10.101.1.0 255.255.255.0 100
access web raz
access file raz
access file add 192.168.202.141
access admin raz
access admin add 10.101.1.0 255.255.255.0
access admin add 192.168.202.0 255.255.255.0
access admin add 10.101.0.0 255.255.0.0
access mon raz
access mon add 10.101.1.1
cache object 1 51200
cache bigobject off
guard ip off
guard rule raz
guard policy raz
guard filter ip raz
guard filter time raz
guard filter ldap raz
guard category raz
firewall external raz
firewall web raz
firewall rweb raz
firewall admin raz
firewall mon raz
firewall file raz
firewall peer raz
firewall auxiliary raz
waf generic protocol_violations off
waf generic protocol_anomalies on
waf generic request_limits on
waf generic http_policy on
waf generic bad_robots on
waf generic generic_attacks off
waf generic xss_attacks off
waf generic sql_injection_attacks off
waf generic tight_security on
waf generic trojans on
waf generic common_exceptions on
waf generic outbound off
waf limit response 512
waf limit request 1024
waf limit assertions 256
waf limit name 128
waf limit value 512
waf limit arguments 65536
waf limit files 131072
waf bypass raz
waf rweb denyurl raz
antivirus auto pl
antivirus maxobject 2048
antivirus pua off
authenticate web on
authenticate rweb off
authenticate mode ldap
authenticate ldap binddn set:encrypted 'cn=admin,dc=example,dc=com' U2FsdGVkX1+UgK5sTHMJwfCzOgUw9H/mUIVmNWsggo4=
authenticate ldap request 'dc=example,dc=com' 'uid' 'userPassword' 'objectClass=inetOrgPerson' 'ou=groups,dc=example,dc=com' 'web'
authenticate ldap server raz
password ftp
Best Regards
Re: Installing Problems
Hi
I just tested your configuration in our lab and it works perfectly. I suspect that some specificity in your network topology prevents CG from working properly. Please double-check the connectivity between your Web browser, CG and your Internet router. You should have this:
[WebBrowser] <-----> [(eth0) (CG) (eth1)] <-----> [Internet Router]
Also please check that there is no asymmetric routing in your network for traffic traversing CG.
Best Regards,
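One way to check a saved configuration against the topology in the reply above (an added example, not CacheGuard's own tooling and not part of the original posts). It assumes `ip route add default` sets the default gateway, `ip internal` / `ip external` are the addresses of the bonded interfaces, and the hypothetical `client_gateway` argument is the default gateway set on a browser machine sitting directly on the internal subnet.

```python
import ipaddress

# Constructed sample: the topology-relevant lines of the configuration posted above.
SAMPLE_CONF = """\
link bond internal add eth0
link bond external add eth1
ip internal 10.101.1.89 255.255.255.0
ip external 192.168.202.130 255.255.255.0
ip auxiliary 0.0.0.0 0.0.0.0
ip route add default 192.168.202.1
"""

def parse(conf):
    """Collect interface bonds, interface addresses and the default gateway."""
    topo = {"bond": {}, "net": {}, "gateway": None}
    for line in conf.splitlines():
        f = line.split()
        if f[:2] == ["link", "bond"] and len(f) == 5 and f[3] == "add":
            topo["bond"][f[2]] = f[4]
        elif f[:4] == ["ip", "route", "add", "default"] and len(f) == 5:
            topo["gateway"] = ipaddress.ip_address(f[4])
        elif f[:1] == ["ip"] and len(f) == 4 and f[1] in ("internal", "external"):
            topo["net"][f[1]] = ipaddress.ip_interface(f"{f[2]}/{f[3]}")
    return topo

def check_topology(conf, client_gateway=None):
    """Return a list of findings; an empty list means the config matches the diagram."""
    topo, findings = parse(conf), []
    if topo["bond"].get("internal") != "eth0" or topo["bond"].get("external") != "eth1":
        findings.append("eth0 must be bonded to internal and eth1 to external")
    internal, external = topo["net"].get("internal"), topo["net"].get("external")
    if internal is None or external is None:
        return findings + ["ip internal / ip external is missing"]
    if internal.network.overlaps(external.network):
        findings.append("internal and external subnets overlap")
    if topo["gateway"] is None or topo["gateway"] not in external.network:
        findings.append("default gateway is not on the external subnet")
    # Assumption: the client is on the internal subnet, so its next hop must be CG itself;
    # any other next hop lets one direction of the flow bypass CG (asymmetric routing).
    if client_gateway is not None and ipaddress.ip_address(client_gateway) != internal.ip:
        findings.append("client default gateway is not CG's internal address")
    return findings

if __name__ == "__main__":
    # 10.101.1.254 is a constructed client gateway, not a value from the thread.
    print(check_topology(SAMPLE_CONF, client_gateway="10.101.1.254"))
```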