Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enable/Disable IP forwarding via the GUI

jberry_1
Occasional Contributor
‎10-02-2012 09:23:AM
‎10-02-2012 09:23:AM

Enable/Disable IP forwarding via the GUI

With our Stingray configuration we have to enable IP forwarding so the connections appear to come from the client and not the traffic manager. When we perform updates this setting is automatically removed and when we deploy new traffic managers we have to perform the steps listed below via CLI. If possible could this setting be enabled or disabled via the GUI? Is there a way to have the update procedure leave this setting enabled when present?

  1. Check ip_forward is disabled by running the command, this should return a 0:
    cat /proc/sys/net/ipv4/ip_forward

  2. Run the command. Use this name under hostname for the next command:
    ls $ZEUSHOME/zxtm/conf/zxtms

  3. Run the command replacing with the name you found above.
    echo 'appliance!managenat no' >> $ZEUSHOME/zxtm/conf/zxtms/

  4. re-enable ip forwarding by running the following commands:
    sysctl -w net.ipv4.ip_forward=1

  5. Edit the following file with nano

nano /etc/sysctl.conf

    At the end change this line from a 0 to a 1

"net.ipv4.ip_forward=1"

+ +

6. Check connectivity.

0 Kudos
3 REPLIES 3
anga
Occasional Contributor
‎10-03-2012 05:41:AM
‎10-03-2012 05:41:AM

Re: Enable/Disable IP forwarding via the GUI

Hi

 

The trafficmanager actually forwards the client ip address in a header: X-Cluster-Client-Ip. If you can use that.

 

It is also possible to enable transparent ip on your pools, which will give that effect. Though enbling the transparent ip can give some issues. We have had problems with servers using the trafficmanager as default gateway, and then enabling the transparent ip on the pool. That gave the unfortunate sideeffect that ALL traffic, also non-trafficmanger-managed traffic ran through them. And as we have redundancy on the trafficmanager, the connection state exchange between the two trafficmanager nodes, gave huge performance problems.

 

André

0 Kudos
jberry_1
Occasional Contributor
‎10-11-2012 08:58:AM
‎10-11-2012 08:58:AM

Re: Enable/Disable IP forwarding via the GUI

We tried using X-Cluster-Client-Ip on our end but with early releases of the Zeus traffic manager there was a known bug with tthis feature. Essentially the IP address recorded in the X-Cluster-Client-Ip was only there part of the time or was blank. For this reason we had to switch to using IP forwarding and this is now our internal standard. Thanks for the suggestion though!

0 Kudos
aclarke
Frequent Contributor
‎12-28-2012 04:10:AM
‎12-28-2012 04:10:AM

Re: Enable/Disable IP forwarding via the GUI

Jason,

It kind of depends if you are using the Virtual Appliance or the software install. If you are using the VA, ip-forwarding is enabled when you turn on Network Address Translation ( System > Networking > NAT )

Google Chrome040.png

If you need ipforwarding without the NAT setup, you can script it, put the script into the extrafiles (Catalogues > Extra Files > Action Scripts )  section which will maintain the script over upgrades you can then hook the script to execute on Stingray Software Start ( General > Informational Messages > running: Software is running )

Google Chrome041.png

If you are using the software installation, the networking is not effected by STM installations.

Hope that helps...

--

Aidan.

--
Aidan Clarke
Pulse Secure vADC Product Manager
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.