Recent Posts

51

Deployment / Re: Suggested deployment between two firewalled sites

« Last post by blazarov on May 09, 2018, 06:46:20 AM »

Hi,
My calculations result in bandwidth-delay product for this particular link is > 750KB, so it definitely qualifies as LFN as per RFC1072
Aside from theory, real life shows the typical undesirable LFN effects, such as poor TCP performance, also very dependent on the endpoint OS'es, hence the use case for WANOS.

Regarding PBR - what bothers me is the right-hand network. As you can see all subnets are directly connected to the firewall which acts as their default GW for the segment. The same firewall terminates the IPSec to the remote site, no hops in between. In this case I dont see any good PBR implementation, am I missing something?

52

Troubleshooting / WanOS bridge on oVirt (KVM) pass only icmp

« Last post by robert on May 09, 2018, 05:11:53 AM »

WanOS v4.2.1 64-bit Plus 1000/1000 installed on oVirt (KVM) in bridge mode pass only icmp traffic, any other protocols (udp, tcp) not passing. On oVirt VM properties macspoof = true. Tried to create bypass policy for udp, tcp, udp 53 - no luck. Web cache and TCP-X are disabled. Nothing interesting in logs. From test VM connected to the same vlan as lan0 WanOS interface I'm able to ping and traceroute any other hosts outside of wan0 interface.
network setup: client VM (eth0 192.168.0.10) - vlan2 - lan0 WanOS VM (wan0 192.168.0.254) - vlan1 - 192.168.0.1 gateway router.
Any suggestions?

53

Deployment / Re: Suggested deployment between two firewalled sites

« Last post by ahenning on May 08, 2018, 04:27:27 PM »

Just checking, 300Mbps and 20ms? That would be a short fat pipe, unless the 20 should be 200+?

PBR sounds like the way to go, with some IP Track SLA type of config for redundancy.

Wanos has IPsec, but if you have the infrastructure already, go with what is working now and just add Wanos for Optimization.

54

Deployment / Suggested deployment between two firewalled sites

« Last post by blazarov on May 08, 2018, 02:07:18 PM »

Hello,
I am a network engineer and a customer of mine likes WANOS and is looking for a deployment.
The environment is much more complex than all the examples in the documentation, so i am still wondering what would be a good approach and will it even work at all.

the objective is to implement WAN optimization between two sites connected by a long fat pipe (300+ Mbps; 20+ ms latency).
Currently the sites run IPSec VPN.

Now my question is on the actual WANOS appliances deployment. The customer requires virtual appliances.

Attaching a sample topology diagram.

Initially i though i would deploy the two appliances in Tunnel mode and put their WAN directly in Internet and totally replace the IPSec on the firewalls.
From my quick research it seems WANOS can not encrypt the traffic, so this is not acceptable - we should still retain the current IPSec and just use the optimization of the WANOS.

Since it will be a virtual appliance bridge deployment makes little sense to me, because there are too many VLANs on both sides and VLAN configuration will be very tricky and fragile.
so we're left with router/tunnel mode. obviously we need to route both directions of the traffic through the appliance - how would you suggest to do that?
changing servers default gw is not acceptable (critical environment) so are we looking at some sort of PBR?

55

Troubleshooting / Re: WANOS bridge not working

« Last post by philippe on April 03, 2018, 12:36:01 PM »

Hi,

TCP-X is now disable, and webcaching was not activated.
I sent you a mail with the parameters to connect on my computer.

Thanks.

56

Troubleshooting / Re: WANOS bridge not working - with mirror/span traffic

« Last post by ahenning on April 03, 2018, 10:26:57 AM »

Hi Philippe,

Thanks, techsup received. Log files don't report any problems, so we will need to look a little deeper to find the cause.

But firstly the test to send mirrored traffic to Wanos is not a valid test due to "noise" filters. Consider Wanos as a two port switch rather than a traditional bridge that would just pass everything through.

It is recommended to test with real traffic.

Also please disable TCP-X and if enabled web caching as these features requires a routing table and Wanos would not know to send the traffic to the laptop.

57

Troubleshooting / WANOS bridge not working - with mirror/span traffic

« Last post by philippe on April 03, 2018, 10:04:36 AM »

Hello,

I have a trouble with a wanos 450.
The equipment is plugged between a switch and a laptop.
I can see some trafic on the eth0 but I don't see the same trafic on the eth1.
In the session menu, I can't see any trafic going through, and on my laptop, I don't receive the trafic.
If I shutdown the equipment, I receive the trafic on my laptop.
Please it is a very urgent problem.

Thanks.

Edit: Added description in title that in this case the bridge is not working with mirror/span traffic (as expected)

58

Deployment / Re: WAN Optimization Solution

« Last post by ahenning on March 28, 2018, 10:13:33 PM »

Yes, should work, bridge mode does exactly that.

59

Deployment / WAN Optimization Solution

« Last post by DDIknguyen on March 28, 2018, 05:34:50 PM »

I'm looking for a solution to compress data and send over the WAN.  I have attached a picture of the current configuration of the current network.  It is basically a LAN network created by connecting two WAN with OpenVPN Bridge mode. The network works, but are bogged down by too much data going through a 4G connection or the Satellite connection.  The radar equipment IP address cannot be changed.  They are only supposed to work in a lLAN network, but we we separated them to work over a WAN.  That is why we have to create a VPN bridge for them to work.  The data going though are video feeds from cameras, radar data, and general data.  I see that you guys have a bridge mode and a tunnel mode.  It would be great if I can just plug in a WanOS between the Cradlepoint and the un-managed switch on each side of the VPN connection.  There wasn't much information in the guide, so I hope someone can confirm that this could work before I buy the devices.  Remember that the WanOS devices will probably think that it is in a LAN  network.

60

Deployment / Re: WanOS for Citrix

« Last post by mhaigh on March 09, 2018, 07:30:33 AM »

Hi ... could you let me know how you got on with this?  We have just implemented WANOS for our UK/USA link, and have similar issues with our Citrix with UK/India, so would really appreciate any feedback.... many thanks..