Author Topic: deployment behind Firewalls  (Read 9090 times)

khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
deployment behind Firewalls
« on: May 15, 2015, 05:26:36 PM »
Hello,
i am setting up Wanos in a lab simulating my production environnement. It is two remote offices linked by vsat like this: SW stands for Switch, RTR for Router

LAN1<=>SW1<=>FW1<=>RTR1<=>VSAT<=>RTR2<=>FW2<=>SW2<=>LAN2

1- what will be the best place to put the wanos device in?
2- will the wanos be accessible for admin residing in LAN2, as the IP of WanOS boxes are preconfigured. or can the management IP of Wanos devices be changed?

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: deployment behind Firewalls
« Reply #1 on: May 15, 2015, 06:28:52 PM »
IP addresses can be changed. The IP is accessible from either lan0 or wan0

If FW terminates a VPN then Wanos needs to be between the SW and FW.
If no VPN, then between FW and RTR is better.

See firewalls for more: http://wanos.co/forum/index.php?topic=29.0
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
Re: deployment behind Firewalls
« Reply #2 on: May 18, 2015, 08:55:51 AM »
OK
Thanks for linked forum post.

Being in a french country how to change keyboard layout from cli? tried classical linux commands without success
« Last Edit: May 18, 2015, 09:14:35 AM by khiloc »

khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
Re: deployment behind Firewalls
« Reply #3 on: May 18, 2015, 09:46:58 AM »
please how to change ip addr pf tun0-00 interface from command line interface?
classical ifconfig?
or specific command?

as i need to change theIP before placing it at it place in the network and accessing it from web browser.

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: deployment behind Firewalls
« Reply #4 on: May 18, 2015, 10:04:05 AM »
7. Run the wanos-cfg command line utility or open https://192.168.1.200 to set the ip address.
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
Re: deployment behind Firewalls
« Reply #5 on: May 18, 2015, 10:08:28 AM »
Planning to try this to change my tun0 interface IP address:
ifconfig eth0 192.168.80.100 netmask 255.255.255.0 broadcast 192.168.80.255 up
route add default gw 192.168.80.254  (the default gw for this tun0 interface should be the one leading to the intranet, confim?)


And to make this config still there after reboot, is this good:
1- create a file /opt/tun0.sh
#!/bin/sh
ifconfig eth0 192.168.0.21 netmask 255.255.255.0 broadcast 192.168.0.255 up
route add default gw 192.168.0.1

2- Add it to the end of /opt/bootload.sh to start tun0.sh
/opt/eth0.sh &

3- is something missing?


Weird thing. I am using an HP MT 3500 desktop with 500GB and Core i3 processor. Added a Gb NIC in PCI slot.
first boot card was detected and a ifconfig show both card inside.
After a  Ctrl+alt+Del, PCI-E card is not visible.
Did a /etc/wanos/clean.sh
and PCI-e card visible again

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: deployment behind Firewalls
« Reply #6 on: May 18, 2015, 10:37:15 AM »
I think reset to defaults:
/etc/wanos/clean.sh

then set the ip:
wanos-cfg

CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: deployment behind Firewalls
« Reply #7 on: May 18, 2015, 10:56:13 AM »
Also remember for the bridge mode, two interfaces are required for the bridge. One interface for wan0 and another for lan0. (Assuming the pci card is the second nic)
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
Re: deployment behind Firewalls
« Reply #8 on: May 18, 2015, 02:01:22 PM »
hello.
Just followed all steps and it is ok.

But some weird thins is happening.
i do a cleah.sh , then a wanos-cfg (changed IP) and waas able to connect to the box and acces everything from web interface.
Did a reboot (from web interface) and now no more able to connect to the box.


Wanos

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 56
    • View Profile
Re: deployment behind Firewalls
« Reply #9 on: May 18, 2015, 03:49:08 PM »
Sounds like the second network interface is not detected.
Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
Re: deployment behind Firewalls
« Reply #10 on: May 19, 2015, 05:07:42 PM »
yes that's it
it is not detected. Sometimes it is, and some it is not.

Even more, with the integrated card access to the management web interface is working 1 on 2.

ahenning

  • Team Wanos
  • Administrator
  • Full Member
  • *****
  • Posts: 629
    • View Profile
Re: deployment behind Firewalls
« Reply #11 on: May 19, 2015, 08:40:54 PM »
Strange indeed. I sent an email with an alternative approach to do the poc on the vsat link.
CCIE RS, CCIE SP, Mnet&sys

Note: Forum posts may be outdated. Please see the latest documentation at wanos.co/docs

khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
Re: deployment behind Firewalls
« Reply #12 on: May 20, 2015, 06:17:40 PM »
Thanks for good help.
Got it working.

currently setting up the other side Wanos devices and will send it there later


khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
Re: deployment behind Firewalls
« Reply #13 on: May 27, 2015, 10:10:50 AM »
Hello
It is all OK now!
Optimization is working out of the Box!

Now on my implementing QOS

khiloc

  • Member
  • ***
  • Posts: 16
    • View Profile
Re: deployment behind Firewalls
« Reply #14 on: May 27, 2015, 11:12:05 AM »
By the way, just read : http://wanos.co/wan-optimization/packet-loss-recovery/

But seems to be any settings in dashboard to get this working....
any hint?