
Transparent mode internet access – Amer Networks E5Web GUI User Manual


single logical IP network in Transparent Mode with a common address range (in this example
192.168.10.0/24).

Figure 4.25. Transparent Mode Internet Access

In this situation, any "normal" non-switch all-nets routes in the routing table should be removed
and replaced with an all-nets switch route (not doing this is a common mistake during setup).
This switch route will allow traffic from the local users on Ethernet network pn2 to find the ISP
gateway.

These same users should also configure the Internet gateway on their local computers to be the
ISP's gateway address. In non-transparent mode the user's gateway IP would be the Clavister
Security Gateway's IP address, but in transparent mode the ISP's gateway is on the same logical IP
network as the users and will therefore be gw-ip.

cOS Core May Also Need Internet Access

The Clavister Security Gateway also needs to find the public Internet if it is to perform cOS Core
functions such as DNS lookup, Web Content Filtering or Anti-Virus and IDP updating. To allow
this, individual "normal" non-switch routes need to be set up in the routing table for each IP
address, specifying the interface which leads to the ISP and the ISP's gateway IP address.

If the IPv4 addresses that need to be reached by cOS Core are 85.12.184.39 and 194.142.215.15
then the complete routing table for the above example would be:

Route type    Interface    Destination       Gateway
Switch        if1          all-nets
Switch        if2          all-nets
Non-switch    if1          85.12.184.39      gw-ip
Non-switch    if1          194.142.215.15    gw-ip

The appropriate IP rules will also need to be added to the IP rule set to allow Internet access
through the Clavister Security Gateway.
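
The routing rules above can be checked mechanically. The following Python sketch is an added example, not part of the manual or of cOS Core: it audits a routing table written as (route type, interface, destination, gateway) tuples. The tuple layout, the function name and the faulty table are constructed for illustration; if1 is taken to be the interface leading to the ISP, as in the table above.

```python
import ipaddress

ALL_NETS = ipaddress.ip_network("0.0.0.0/0")

def _net(dest):
    # "all-nets" is the manual's name for the whole IPv4 address space
    return ALL_NETS if dest == "all-nets" else ipaddress.ip_network(dest)

def audit_routes(routes, switch_ifs, isp_if, gateway, core_targets):
    """Return a list of findings; an empty list means the table follows the rules."""
    findings = []
    # Rule 1: no "normal" non-switch all-nets route may remain (the common mistake).
    for kind, iface, dest, gw in routes:
        if kind == "non-switch" and _net(dest) == ALL_NETS:
            findings.append(f"non-switch all-nets route on {iface}")
    # Rule 2: every transparent interface needs an all-nets switch route.
    for iface in switch_ifs:
        if ("switch", iface, "all-nets", None) not in routes:
            findings.append(f"no all-nets switch route on {iface}")
    # Rule 3: each address cOS Core itself must reach needs a non-switch
    # route on the ISP-facing interface that names the ISP's gateway.
    for target in core_targets:
        addr = ipaddress.ip_address(target)
        ok = any(kind == "non-switch" and iface == isp_if and gw == gateway
                 and _net(dest) != ALL_NETS and addr in _net(dest)
                 for kind, iface, dest, gw in routes)
        if not ok:
            findings.append(f"no non-switch route to {target} via {isp_if}/{gateway}")
    return findings

# The routing table from the manual's example.
PAGE_TABLE = [
    ("switch", "if1", "all-nets", None),
    ("switch", "if2", "all-nets", None),
    ("non-switch", "if1", "85.12.184.39", "gw-ip"),
    ("non-switch", "if1", "194.142.215.15", "gw-ip"),
]
# Constructed faulty table: default route left in place, one host route missing.
BROKEN_TABLE = [
    ("non-switch", "if1", "all-nets", "gw-ip"),
    ("switch", "if2", "all-nets", None),
    ("non-switch", "if1", "85.12.184.39", "gw-ip"),
]
CORE_TARGETS = ["85.12.184.39", "194.142.215.15"]

if __name__ == "__main__":
    for name, table in (("page", PAGE_TABLE), ("broken", BROKEN_TABLE)):
        print(name, audit_routes(table, ["if1", "if2"], "if1", "gw-ip", CORE_TARGETS))
```
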

Grouping IP Addresses

It can be quicker when dealing with many IP addresses to group all the addresses into a single
group IP object and then use that object in a single defined route. In the above example,
85.12.184.39 and 194.142.215.15 could be grouped into a single object in this way.

Using NAT

NAT should not be enabled for cOS Core in Transparent Mode since, as explained previously, the

Chapter 4: Routing
