GSS-Communication on Second Interface

Unanswered Question
Jun 14th, 2010
User Badges:

Hi,


I shall be deploying two GSS in two different locations.


Both GSS devices shall be placed on a DMZ using Private IP addressing with NAT to Public addresses to resolve DNS requests.


As replication is not supported using NAT, would it be feasible to configure the second Interface with an IP address on the inside Network which would be used for GUI Management and also GSS-Comunications. Are there  any security issues which this approach.


regards


Ian.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Sean Merrow Mon, 06/14/2010 - 06:19
User Badges:
  • Silver, 250 points or more

Hello Ian,


By default, the first Ethernet interface (eth0) is used for both interdevice communications and for communicating with ANM, which you use to manage your GSS devices.  You can use the gss-communications interface-config command to change it to eth1.  I'm not aware of any security issues with this approach.


Hope this helps,

Sean

iwearing Mon, 06/14/2010 - 06:55
User Badges:

Sean,


Thanks for the update. I would imagine that due to the NAT restriction on the GSS-Communication interface then this is my only option to get the Primary and Standby devices to sync databases.


As I have internal access between both sites where the GSS are to be deployed my initial thinking was to alloww GSS-Communications over Ethernet 1 interface on the Internal Network, whilst servicing DNS on Ethernet 0 which is on a DMZ.


regards


Ian.

Actions

This Discussion