Hi,
I have some issues with the configuration of my astaro v8 Essential firewall.
First three informations:
1. My astaro runs as a virtual appliance on a xenserver 6.0 and I know that this is a non-supported enviroment
2. this is only a lab enviroment
3. the same configuration is runing well with MS Forefront TMG instead of astaro. But Forefront has known issues with the virtual interfaces on XenServer an drop packets.
Configuration:
- One Server runing XenServer with one physical interface
- In XenServer i configured the following virtual interfaces:
+ intLAN -> 172.16.1.0 /24
+ intDMZ -> 172.16.2.0 /24
+ External = bounded to the physical interface -> public static IP
- XenServer management console is on the physical interface
- all virtual maschines get the intLAN interface
- the astaro get all three interfaces
- on the External interface I configured an additional address (Name XS Mgmt. On interface "External". IPv4: 172.16.10.254 as the Management network)
- for internet access i configured masquerading:
+ Network: intLAN (Network)
+ Interface: External
+ primary address
- there is also a DNAT rule for RDP access to the management server
- I configured the following firewall rules
+ some for internet access (intLAN to internal)
+ from management server to xenserver with HTTPS
The access from the xencenter (installed on the management server) to the xenserver works fine.
Only when i open the console of one virtual maschine in xencenter I get no screen.
I searched in the citrix forum and found, that the console could not be natted.
So I have to route the traffic from intLAN to XS Mgmt (on External).
What I have tried:
- add interface static route: Network: External [XS Mgmt] (Network) / Interface intLAN
and a second interface static route: Network: Internal (Network) / Interface External
for the traffic back??
- try to work with DNAT/SNAT/FullNAT/NoNAT but no success
has someone any ideas or have I some errors on configuration?
-> In the firewall logs I get no errors!
Guest User!
You are not Sophos Staff.
