problem with monitoring 1500 appliance LTE
Hello CheckMates,
We had a bunch of 1500 appliances connected to the internet via LTE. Everything is working fine, VPN tunnels are up and traffic flows. But all appliances are shown as disconnected in SmartConsole/SmartView Monitor. After debugging we could see the LTE provider did some NAT for the appliance. The management server does not get the real IP of the appliance, only the NATed IP. I think this is normal behaviour if any NAT is done on the way between remote and central gateway, but do we have any chance to get a green state in SmartConsole for the LTE appliances with dynamic IPs?
Review the following articles sk120136 / sk93566 as a start, not all implied rules apply for traffic from DAIP gateways ...
@Chris_Atkinson checked these articles, everything looks fine. SmartProvisioning is mentioned in the article but we don't use this feature, all gateways are defined as normal DAIP gateways. There are no firewall rules between remote and central gateway.
Can you please explain the needed traffic flow for the "connect" state? Will there be a need for a cpd_amon connection from the management to the remote DAIP gateway or vice versa?
Please explain the NAT used here - sounds like static NAT, not dynamic IP to me...
@G_W_Albrecht we have no information which kind of NAT is done via the LTE provider, this is something mysterious done by the German Telekom in the LTE network. We could see the appliance getting an IP address (10.xx.xx.xx) but on the management we could see the appliance as 80.xx.xx.xx.
Then maybe you can just be glad that VPN is working 😎
Central gateway has rules in place of the implied rules for the traffic from DAIP gateway/s or is mgmt traffic via VPN?
Yes, rules exist for the management ports like cpd, fw_log, cpd_amon etc. VPN is working fine, logs are sent to the management. Only the state of the appliance is not shown as connected and the state of the VPN tunnel is shown as down in SmartView Monitor.
Are there any requirements if the appliance will be installed behind another NAT device?
@Chris_Atkinson my question again... we had a DAIP appliance behind a NAT device, only NAT, no firewall. Will it be possible to get this appliance to the green state, meaning "connected" in the SmartConsole view?
I've sought some feedback on your behalf (in the absence of a corresponding SK etc) and will update you accordingly.