This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Blason_R
Leader
Leader
‎2021-08-10 08:59 PM

Single site dual MHO-140 and 3 6700

Hi team,

I have a scenario where  I have 2 MHO140 and 3 6700s. I need to configure single site dual Orchs

Hence I have certain queries about the same. MHOs I have upgraded to R81.10 SP and 6700 with R81SP with latest HFA

  • The routes will be configured on MHO? [Default and Network routes]
  • Since I need to terminate fibre on two MHO, I need to configure Bond on MHO, right?
  • Both MHO should have management IP?
  • Since there are two MHO; which one I need access from mgmt IP to configure SGM?
  • Do I always need to connect to primary MHO and perform the administrative tasks, like adding routes, defining bonds, etc..

TIA

Blason R

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
6 Replies
Danny
Champion Champion
Champion
‎2021-08-10 10:39 PM

I have just configured the same.

  • Routes for the MHOs are configured directly on them, probably just the default Route. Routes for the Security Group (SG) are configured on the first appliance within the SG and are then cloned to the other appliances when these are added to the SG in the last step.
  • Interface bonds have to be configured within the SG using gClish. On the MHO you just drag the interfaces to the SG that it will work with.
  • Yes, both MHOs have a Management IP.
  • Doesn‘t matter. As long as you have a Sync cable between both MHOs and the Operator Status of the Sync port is up and is showing RX packets you are good.
  • No, this is done on the SG. Just connect to the SG‘s management IP and configure it there.
0 Kudos
Blason_R
Leader
Leader
‎2021-08-10 10:47 PM
In response to Danny

Thanks for the info - So

My MHO1 is 10.10.10.10 and MHO2 is 10.10.10.20 with DG 10.10.10.1

While my external interface is 30.30.30.30/28

Internal LAN is 192.168.40.2/24

In this case to access the MHO Management IP; I just need to add route on MHO with default gateway pointed to 10.10.10.1

And since my external and internal interfaces are terminated on MHO [with bond]; my internet default gateway will be on SG using gclish?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
vinceneil666
Advisor
‎2021-08-10 10:54 PM
In response to Blason_R

Hi,

The default gateway for your production traffic and internal is defined on the SGM, using gclish as you say.

0 Kudos
Blason_R
Leader
Leader
‎2021-08-15 08:23 PM
In response to vinceneil666

So my Mgmt port from MHO to connect SMO can be on different subnet? Wondering if not then who would route the traffic to SGM? Like 

Lets say my Management server IP is 192.168.14.10 and SGM is 172.16.10.10?  Will that work?

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos
vinceneil666
Advisor
‎2021-08-15 10:43 PM
In response to Blason_R

Hi, I know from experience that it will work - but you should really get the mgmt interface of the SMO directly connected to the same subnet as the Management and log server etc...

There will/can be issues related to NAT, and also - if your management network in addition to contain management server, also has some esx hosts, a server or two...whatever else - that traffic will get issues. 

In my last setup, the customer had a subnet where the management server was on a subnet that containd lots of "other stuff" to - due to design and historical configs, I ended ut adding an additional interface on the management server, and had my SMO connect to that, just to get it directly connected.

 

0 Kudos
Blason_R
Leader
Leader
‎2021-08-16 04:03 AM
In response to vinceneil666

Thanks man for the valuable input.

 

Thanks and Regards,
Blason R
CCSA,CCSE,CCCS
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events