We are currently "test driving" a set of Ironport encryption appliances and there is (for this moment) one thing that we can't figure out.
A little background:
We are planning to use the machines as S/MIME (and maybe PGP) encryption/decryption systems only. We are (currently) not interested in all the other nice features offered (but force us to connect the systems directly to the internet). This means we can place the machines into our Fully Trusted network Area(FTA) and use all the nice network facilities available in this area. One of the important ones is network connection redundancy (Interface Bonding).
I'm sure the C series can be configured to combine DATA1 and DATA2 as a high availability (bonded) network interface and I'm also sure the operating system that is used by the encryption systems (CentOS) supports bonding.
I have searched the HTML interface but can not find the option to enable bonding.
I know I can hack the Linux configuration but am a little afraid to do this. For the moment it's not possible for us to oversee the impact on the total system (that's really a good thing about AsyncOS interfaces, we all know it's a FreeBDS system but also know exactly what actions we can do safely, if it's not available on the CLI or GUI, you can not use it (example: IPv6 is supported by FreeBSD but the GUI and CLI do not offer the possibility to configure it so it's not available, that's totally clear!)
Re: Network interface bonding on Encryption Appliance
As you mentioned in your POST, the operating system of CentOS does indeed support Bonding and I have configured the IronPort Encryption Appliances to support bonding but it is not "officially" supported and therefore is not recommended at this time. So to answer your last question: I would not configure nic bonding on the IronPort Encryption Appliance.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...