Re: ipassignment.conf for Maestro environment

NiladriSarkar · ‎2024-03-07

In regular cluster we mention the hostname to start the line in ipassignemnt.conf

Example in active-passive cluster :

for FW1 we will add the following line

DC1-F1 net 172.1.1.0/21 dns=(10.6.32.12,10.52.42.136,10.20.65.70) All_marketing_user

for FW2 we will add the following line

DC1-F2 net 172.1.1.0/21 dns=(10.26.32.122,10.25.42.136,10.20.65.70) All_marketing_user

now in an Maestro environment with three active gateways :

do we use the cluster name in place of (DC1-F1/F2 ) ?

the_rock · ‎2024-03-07

I actually made note about this when CP Sales person was giving presentation to the customer about Maestro and they had exact same question and he told them that is exactly how you would do it. Im sadly not that versed with Maestro at all, so never tested it myself, but certainly has logic to it.

Best,

Andy

NiladriSarkar · ‎2024-03-07

thanks for responding @the_rock . I did try with the cluster name and it seems it does not always work !

Following my example above, if an user from marketing connected to VPN 5 times, randomly 2 times he/she got a correct IP from ipasignement.conf.. 3 times he/she got an IP from DHCP which is for non-marketing users !!

imagine if we have rules restricted with source IP address.. it will be meaning less. 😞

will be creating an TAC ticket.

the_rock · ‎2024-03-07

That sounds like a good idea...sorry, as I said, not so familiar with Maestro environment myself, so cant offer any other advice/

Hope TAC will help you. Let us know how it gets solved.

Best,

Andy

NiladriSarkar · ‎2024-03-07

thanks @the_rock .

the_rock · ‎2024-03-07

No worries.

Andy

Alexey_Sushko · ‎2024-06-05

Hello friend!

May be you have deal with the question?

Can you share the information please?

Are you a member of CheckMates?

ipassignment.conf for Maestro environment