• Add a Comment
  • Edit
  • More Actions v
  • Quarantine this Entry

Comments (6)

1 Jason LaRocque commented Permalink

Hi Scott-
I'm seeing more weirdness with networking in 8.0.0.4. I've raised a PMR to address. Our current configuration has one management and one application interface enabled, 4 interfaces are assigned through ESX (I did verify that they are ordered like you have described in this post). Both M.1 and P.1 are on the same VLAN. The issue happens on reboot - the default gateway route is moved from M.1 to P.1, which breaks the firewall rules. I verified this happens on all of our 8.0.0.4 WGA installations (2 "tech test" internal WGAs - no firewall, and 2 "DEV" WGAs - in our DMZ). Any reports of this behavior?

 
Thanks!
Jason

2 Pierre Passin commented Permalink

Hi Jason,

 
Any luck on this? I get the same problem.

3 Doug Breaux commented Permalink

We've seen exactly the same problem as Jason as well. Is it this problem?
http://www-01.ibm.com/support/docview.wss?uid=swg21691208

 
At some point we were able to get the default back over to M.1 on one of our appliances, but I'm wondering if there's any chance of that reverting on reboot without warning.
 
Strangely, some other of our appliances at the same level do not exhibit this behavior.
 
(8.0.0.5 here)

4 SCOTT EXTON commented Permalink

Doug,

 
There is definitely a problem if you try to span a single subnet across multiple networks. I should mention that this is a general networking no-no rather than anything which is specific to the appliance. I can't really confirm whether this is the problem that you are actually seeing without details on what your networking looks like, and the symptoms that you are experiencing.
 
Thanks,
 
Scott.

5 Martin Ferrari commented Permalink

Hi Scott,
This question is in support of SSL certificates on the appliance interfaces. From the ISAM Web Reverse Proxy configuration topics it seems to me that when we have a secure site that needs ssl can then reference the cert keyfile label to associate a digital certificate to that interface. If another name is needing SSL then we must configure a second interface to support the additional SSL communication and so on. My question is, if i have created an additional Reverse Proxy instance would i be able to re-map additional i.e. different SSL certs to the same IP addresses/interfaces that were used for ssl in another proxy instance?

 
Thank You
Martin Ferrari

6 SCOTT EXTON commented Permalink

Martin,
I think that you are really after the Server Name Indication (SNI) functionality of the Web Reverse Proxy. This will allow the same Web Reverse Proxy to serve up different certificates based on the host name used.
Scott.

Add a Comment Add a Comment