Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff

Created on ‎09-28-2018 04:49 AM

Article Id 189543

Technical Note: Configure Routes for Sub-Interfaces

Description
Configure Routes for Sub-Interfaces

Solution
Issue:  SSL Agent communication failing due to traffic being received and transmitted out different interfaces on Network Sentry.  In order for SSL agent communication to be successful, the communication must come in and out the same interface. 

Agent traffic is handled using eth1 (if a pair, this interface is on the Application Server). 

Example: Agent traffic resolves to interface eth1:3.  Without a static route, traffic sent to the IP Address of eth1:3 sub-interface is responded to out the physical eth1 interface. 

Solution:  Add a static route to the eth1 sub-interface the agent communication resolves to.  In this example, by adding a static route to the eth1:3 sub-interface, responses are sent back out the eth1:3 sub-interface.

Here is an example of setting a static route to a sub-interface:
any net 160.87.218.0/23 gw 160.87.89.161 dev eth1:3





Labels:
384
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.