Hi everybody,
I hope you are doing well.
How can we split internet traffic between two ISPs, or redirect specific traffic to a second ISP, without using a next-hop proxy? For example, if MWG is working in proxy HA mode and has 2 separate Ethernet adapters, each one connected to a different ISP, should we use static routes based on destination to route specific traffic via the second interface? What about if the MWG works as a standard standalone proxy with one NIC: should we use a virtual IP (alias) on the main interface and static routing?
I will be glad to find more information on how this function works in different situations and what the network prerequisites are, as a general discussion.
Thank you!
Hi,
Hope you are doing well.
Say you have an MWG configured as a standalone explicit proxy with the eth0 interface configured, and ahead of the MWG there is a firewall which has your 2 ISPs terminated.
Below is a suggestion which you can try implementing to see if it helps to achieve your requirement:
1) There is a new feature in MWG 7.5.0 onwards that lets you specify the Outbound.IP address on it.
Currently you have assigned an IP address on the interface through which traffic goes outbound to your next hop, which is, say, your firewall.
For example, eth0 is the interface, which currently has the IP address 1.1.1.1.
Currently all traffic initiated from MWG towards the outside will have the source IP address 1.1.1.1, so the firewall will see all traffic coming from source address 1.1.1.1.
You can create an alias IP address on this interface, say 1.1.1.2. You can have a look at the product guide regarding configuring an alias IP address.
Now let's say you want all Office 365 traffic to be routed via ISP 2 and all remaining traffic via ISP 1.
You can make use of our default Bypass Office 365 services rule set, which has rules related to Office 365 traffic in which you can configure events accordingly; then the proxy sends its web request out using the alias IP address 1.1.1.2 to the default gateway.
All the rest of the traffic can be sent out using IP address 1.1.1.1.
Once these requests reach your firewall, it can differentiate there: if traffic is coming from IP address 1.1.1.2, that means it is Office 365 traffic, so route it through ISP2; and if traffic is coming from IP address 1.1.1.1, then route it through ISP1.
Below is just an example:
Rules:
Rule set: Forward Traffic
[?] Enabled [?] Disabled in Cloud
Applies to: [?] Requests [?] Responses [?] Embedded Objects
Criteria: Always

Enabled: [?] Enabled
Rule: MWG1: Outbound.IP (Bypass Office 365 services rule set has many rules)
Action: Continue
Events: Enable Outbound Source IP Override(1.1.1.2)
Comments:
So here the alias IP address can be used as an option, making use of the event Enable Outbound Source IP Override.
So in MWG you need to call the event Enable Outbound Source IP Override, and the rule criteria can be set to URL.Host/Bypass Office 365 services rule accordingly.
You can make use of the link below for a better understanding of this feature and its implementation:
https://community.mcafee.com/message/428338#428338
You can also take a look at the product guide as well.
Regards
Alok Sarda
Hi,
Hope you are doing well.
Also, say you have multiple interfaces configured on MWG; the above scenario can then be achieved using the below as well:
Get Microsoft's O365 IPs and set up a dedicated route using a different gateway, and let the rest use the default route.
So you can make use of the routing configuration to route traffic across interfaces.
Also, with a single interface you can have various routes present with different gateways if required; it all depends upon your network architecture.
Regards
Alok Sarda
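
An added illustration of the destination-based approach in the reply above (not part of the original posts, and not MWG configuration): a Python script that collapses a prefix list into the dedicated routes for the second gateway and checks, by longest-prefix match, which interface a given destination would leave through. The prefixes, interface names and gateway addresses are constructed placeholders.

```python
import ipaddress

# Constructed sample prefixes standing in for the published Office 365 ranges
# (documentation ranges, not real Microsoft addresses).
O365_PREFIXES = [
    "198.51.100.0/25", "198.51.100.128/25",   # adjacent, merge into one /24
    "203.0.113.0/24", "203.0.113.64/26",      # the /26 is already covered
]

# Assumed gateways, one per ISP-facing interface (placeholders).
DEFAULT_GW = ("eth0", "192.0.2.1")    # ISP 1, default route
O365_GW = ("eth1", "192.0.2.129")     # ISP 2, dedicated routes


def build_routes(prefixes, gateway, default_gateway):
    """Collapse overlapping/adjacent prefixes and return the route table as
    (network, interface, gateway) tuples, with the default route last."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes)
    routes = [(net, *gateway) for net in nets]
    routes.append((ipaddress.ip_network("0.0.0.0/0"), *default_gateway))
    return routes


def lookup(routes, destination):
    """Pick the route the way a router does: the longest matching prefix wins."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)


def egress_interface(routes, destination):
    """Interface name a packet to `destination` would leave through."""
    return lookup(routes, destination)[1]


if __name__ == "__main__":
    table = build_routes(O365_PREFIXES, O365_GW, DEFAULT_GW)
    for net, iface, gw in table:
        print(f"{str(net):<20} via {gw:<12} dev {iface}")
    # Constructed test destinations: two inside the sample ranges, one outside.
    for dst in ("198.51.100.200", "203.0.113.70", "192.0.2.200"):
        print(dst, "->", egress_interface(table, dst))
```

The published address list changes over time, so the dedicated routes need to be regenerated whenever it is updated; any prefix missing from the list silently falls back to the default route.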