Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
vinceneil666
Advisor

Maestro, magg interface bond.

Hi,

While working with Maestro I have created the magg0 interface, the bond for management. This interface is connected to my mgmt subnet where my management, log server and monitoring/backup servers are. - I will assume this is pretty standard.

What I have come across in some customer enviroments is that this subnet actually also contains a router, and has quite a few other subnets availaable... why this is done, and if it is a good idea is another question - but related to migrating to a maestro solution my question is this:

Is there anything besides the magg interface bond is running on a xor lacp setup (bringing the bandwidth down in comparison to the other general bonds for production) that would prevent me from using this as any other interface ? I see that I have the option to add a override on the spoofing and attaching a group for my attached subnets. 

So besides a somewhat different lacp setup - is there anything else related to the magg interface that I should consider related to the functionality of the firewall itself.

 

(To change the design of the l3 network is of course something I would like to do - but this is a timing issue and will probably trigger a project streching for months. )

0 Kudos
3 Replies
Chris_Atkinson
Employee
Employee

Actually the Magg interface shouldn't be used to route traffic i.e. another device on the same subnet should be the default gateway.

 

01800842 - Hide NAT for traffic initiated from the Management interface of Maestro Security Appliances is not supported.

Refer: sk148074

vinceneil666
Advisor

That bug or non supported feature you are refering tothere is for R76SP , Im running R80.20SP. As far as I can see there is no issues as such for the r80 version - and I am also prettu sure I got hide nat working without an issue 🙂 

0 Kudos
vinceneil666
Advisor

Oh, I see that it is still not resolved - my bad ! . thank you
0 Kudos