Transparent Deployment Using Layer 4 Switch

Hi,
Just want to ask how to deploy WSA Ironport on transparent mode on layer 4 Switch.
I believe it is just deployed by choosing Layer 4 on Transparent Redirection on WSA Ironport.
But the question is, what will I need to configure to my Layer 4 switch for it to redirect traffic to WSA?
I'm trying to connect it to a hp procurve layer 4 switch to use transparent redirection.
Can someone clarify how to deploy it?
Thanks

Make sure your swtich can do it:
http://h30499.www3.hp.com/t5/Switches-Hubs-Modems-Legacy-ITRC/HP-Procurve-2626-Policy-based-routing/td-p/5421071
I did some digging and didn't find any decent docs on setting it up... but if you take your drawing from the L4TM question you posted, you want to set up a policy that for the "security vlan" so that all IP traffic on the web ports you want to monitor (80, 443, plus others you might want) gets sent to the IP of the WSAProxy
Here's a bit I lifted from a post on HP's site:
http://bizsupport2.austin.hp.com/bc/docs/support/S​upportManual/c03015541/c03015541.pdf
You'll want to have a look through Chapter 8 for the configuration. You've got to basically configure a traffic class, configure policies for it, and then apply it (in this case) to each of the VLANs you want it for.
What kind of firewall are you using?  If its a Cisco ASA, it would actually be simpler to do WCCP to the WSA...

Similar Messages

  • SharePoint 2013 deployed using Layer 2 network; considered stretched Farm?

    Planning to deploy SharePoint 2013 in different DC’s, the distance is 130 Kms between DC’s. The bandwidth is 100GB but latency is <20ms
    but it’s a layer 2 network. Is this deployment considered to be a stretched Farm?
    Mohammed Asif Kazi

    are both DC on same domain? what about the servers, will all in the same DC or they spread across DCs?
    with the latency you mentioned, this is not supported. It is highly recommended,avoid it as much as you can.
    check the below blogs, for more information.
    http://social.technet.microsoft.com/Forums/sharepoint/en-US/a7780b9c-4932-4064-b5b2-2b91948ddc96/sharepoint-2013-stretched-farm?forum=sharepointadmin
    http://technet.microsoft.com/en-us/library/cc748824(v=office.15).aspx#CfgStretchedFarm
    Please remember to mark your question as answered &Vote helpful,if this solves/helps your problem. ****************************************************************************************** Thanks -WS MCITP(SharePoint 2010, 2013) Blog: http://wscheema.com/blog

  • Why use layer masks and adjustment layers?

    I've been using PSE and CS successfully for years.
    One thing I have never understood is: why use layer masks and adjustment layers, instead of simply creating a copy of the subject layer (the one I want to make changes to) and experimenting with that?  It's quick (Ctrl-J), I can do it as many times as I want, I'm not affecting my Background layer.  If I like the changes, I can keep them.  I can switch the copy on and off to compare with the Background layer.  I can do any type of blend or combination I desire.  I can insert Gradient layer(s), select any part of the copy and (Ctrl-J) create a new layer containing only the selected part.  I can adjust size, rotate, do anything.
    It almost seems that "layer mask" and "adjustment layer" are mainly another layer of terminology; can anyone explain (preferably in 50 words or less) how they are intrinsically different from or superior to working with copies of the Background layer?  What can be done with them that can't be done simply using copies of the Background layer?

    Here's a very basic example of the advantage of using a layer mask.
    I have this picture of a sunflower and I want to convert the background to black & white, leaving just the flower in color.  I duplicated the Background layer, converted it to B&W and proceeded to use the Eraser to uncover the flower color. But I made a mistake and erased outside the flower.  There is no way to correct this other than deleting the layer and starting again.
    Now let's use a layer mask on the B&W layer. Set the Foreground/Background colors to the defaults black/white. Using the Brush tool paint on the mask with black to reveal the color.  Here I painted too far, revealing a green leaf in the background.  No need to start over.  Simply switch to white and paint the excess to convert back to the B&W.
    Tip: while painting you can type "X" to toggle between black and white.
    You could also select the flower using the various selection tools and then fill the selection with black. If it turns out the selection was not 100% accurate you can then fine-tune the result by painting on the mask with black or white as necessary.

  • Using IF or SWITCH functions inside a DAX formula into a tabular model - SSAS 2012

    Hi,
    in a tabular model I've changed a DAX formula introducing the SWITCH function, but when I deploy the changed formula and open the Excel workbook the slicer connected to the pivot table doesn't highlight the slicer values involved as instead of old formula.
    Any suggests to me in order to maintain the right behaviour for the slicers when a formula is re-written using an IF/SWITCH functions, please?
    Thanks

    I think that is the default behaviour and I can find a few justifications for it too...
    For eg, if you have a complex IF condition, the measure will have to be evaluated for each value of the slicer for correctly finding the right values in the slicer to highlight, and that can make it REALLY slow.
    Also, sometimes there is no correct values to highlight. For eg, if I have the products in the slicer and have a condition like
    =IF(HASONEVALUE(Product[Product]),1)
    then which Product should be highlighted? There is no correct value as any one of the Product selected on it's own will display value for the measure. And more than one products selected will display no value. So no matter what you display/highlight on the
    slicer, there is no "correct" behaviour. In such a case, it is best left to display/highlight all values.
    Cheers,
    Jason | www.SqlJason.com
    P.S. : Please click the 'Mark as Answer' button if a post solves your problem! :)

  • How do you take information from one layer and switch it to another?

    I am trying to figure out how to take pictures and text that I have already placed on one layer and switch it to another layer. I have like 50 pages worth of information and I am trying to look for the easiest way to do this. In illustrator and Photoshop, its pretty easy. Wanting to know if it is the same because I have been trying but it is not there. Just in case it matters, Im using CS5 on a pc. Help is greatly appreciated.

    Hi Martin,
    Please follow the below steps.
    Step 1
    Create the separate layer. Select the content you want to move.
    Step 2
    Go to check layer panel, near the pen symbol icon, the below box drag to move up to the image layer, see sample
    Step 3
    This option use spread wise content, it will complete the task with fast. If more faster, please raise as question to Scripting Forum, they can suggest the tool.

  • 12c SOA multiple composite deployment using maven

    Hi,
    I am facing issue with 12c SOA composite deployment using maven. I execute the below command for deploying any composite.
    mvn pre-integration-test –f soa-pom.xml –Dcomposite.name=TestMVNProj –Dcomposite.version=1.1
    Issues:
    As seen above by using above command m able to deploy single composte.But i want to deploy multiple composite belongs to  same application or Different something like below.
    AIM- mvn pre-integration-test –f soa-pom.xml –Dcomposite.name=TestSOAProj1,Project2
    Is there any way to achive this please guide me far same
    In any senerio not only is soa composite.can any one guide me how to deploy multiple projects using maven scripts.
    Thanks in Advance
    Prabhat

    Hi Markus,
    I have tried it with profiling its works . thanks!!!! but some how still i was not able to achieve what i want.
    But thanks for you kind references i have done it by using and maven cmd line switch -pl .Now i can exclude.include modules  dynamically.
    For example;-
    <modules>
        <module>Mvntest1</module>
        <module>MvnDeploymentTest</module>
         <module>MvnDeploymentTest2</module>
        </modules>
    I have multiple module  in my parent pom.xml and if i want to deploy only top 2 of  them.
    # mvn pre-integration-test -pl +Mvntest1,+MvnDeploymentTest   (This only support maven version 3.2.1 and above)
    its working fine :-
    Note:- when we using -pl  if we want to include modules we can give module name with "+"sign and for exclude "- or !" we can give multiple module name separated with "," delimiters .
    THANKS MARKUS!!!!!
    **********************************Happy Deployments*************************************
    Regards
    Prabhat

  • Transparent Gradient Adjustment Layer

    I would like to create an adjustment layer (so I can easily tweak it later) that creates the exact same effect as a gradient tool in the follwing example.  I for the life of me can't figure out how to do it, maybe it's just not possible...
    Using the gradient tool to create a mask I can easily get this result (note the gradient fades the image but maintains a transparent background):
    Using a gradient adjustment layer I am forced to choose a color (white to transparent) and I get this:
    I want the the former (transparent fade) so I can easily drop it over any color background later, but I want to later so I can easily adjust the % of fade later.
    Is there any way to make a gradient adjustment layer fade to transparent?  I thought maybe some combination of layer blending would accomplish it, but haven't been able to figure it out.  I'm trying to keep it simple, but it's ok if the solution is a little complicated as I plan to automate it into an action that'll be applied to dozens, maybe hundreds, of images.

    »Is there any way to make a gradient adjustment layer fade to transparent?«
    Obviously, because that’s what Your gradient is – white from 100% opacity to 0%.
    Transparency is a feature of the layer, its blending settings, clipping masks, any masks applied to it or the containing groups … – so it cannot be added »on top«, as You seem to assume.
    If I understand correctly You want to use it as a mask for another layer.
    One way to achieve that would be to place the gradient (X% opacity to Y%) below the layer You want to mask, convert it to a Smart Object (or rasterize it), set its Fill to 0%, turn off Blend Clipped Layers as a Group in the Blending Options and create a Clipping Mask (alt-click on the line between the gradient and the layer above in the Layers Panel).
    Changing the fade would then necessitate opening the SO and making the changes there, so convenience-wise that’s not so great.
    But maybe someone else has a better idea.
    Incidentally: Your screenshot seems to indicate that You don’t make use of Smart Objects to automatically update the »reflection« with the upper object and You might want to consider it.

  • Dynamic VLAN assignment and Layer 3 switching on 300 series

    I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
    So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right?
    I'm new to VLAN configuration and layer 3 switching so I wanted to check my understanding. Doesn't this limitation significantly reduce the usefulness of the DVA feature?
    I may well be confused and missing something regarding how this is typically used..

    Hello Glenn,
    Your concept about packet forwarding is correct. With a layer 2 switch, there must be something directing traffic with multiple subnets for intervlan communication or something that provides an IP route to give the request a path back for the request.
    The usefulness for the DVA feature, is not particularly limited to the switch as the switch will correctly assign the VLAN for you, as VS the L3 switch mode, you're dealing with IP addresses. In any scenario, you're going to require a router to get to the internet since the switch does not support NAT.
    Additionally, if you're router does not support VLAN, the L3 switch feature would still be the solution since you should be able to make a static route pointing back to the switch to allow any subnet to traverse the single media. It would still beg the question, how to assign VLAN dynamically.
    The answer, although (in my opinion is terrible) would be GVRP.  But, this application would require ALL of your network cards to be GVRP Enable / Capable which most likely is not the scenario for you (or most anyone else for that matter).

  • Layer 3 switches vpn

    I have a question, it is possible to use a layer 3 switches to set up VPN tunnels?

    Actually, it is only posible on Catalyst 6500 Switches with an special line card for VPN hardware-encryption.
    DL.

  • Need ASA 9.x Etherchannel example w/ layer 2 switch config

    Hello there:
    Could anyone please point me to example configurations of Etherchannel on an ASA 9.x, connecting to a layer 2 switch?  I need to see how the switch is configured as well.
    Thank you.

    Hi,
    I have configured Port channel with Cisco 2960S switch. Here is the below configuration example. If the answer is correct please Comments.
    fw-01# sho port-channel summary
    Flags: D - down P - bundled in port-channel
    I - stand-alone s - suspended
    H - Hot-standby (LACP only)
    U - in use N - not in use, no aggregation/nameif
    M - not in use, no aggregation due to minimum links not met
    w - waiting to be aggregated
    Number of channel-groups in use: 1
    Group Port-channel Protocol Span-cluster Ports
    ------+-------------+---------+------------+------------------------------------
    11 Po11(U) LACP No Gi0/1(P) Gi0/0(P)
    interface GigabitEthernet0/0
    description *** Connected to CORE-SW-01 ***
    channel-group 11 mode passive
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/1
    description *** Connected to CORE-SW-01 ***
    channel-group 11 mode passive
    no nameif
    no security-level
    no ip address
    interface Port-channel11
    description *** Connected to CORE-SW ***
    nameif outside
    security-level 100
    ip address 10.98.8.90 255.255.255.248 standby 10.98.8.91
    ================Switch====================
    interface Port-channel12
    description *** Port-Channel Used for DC-INSIDE-FW-1-IPS***
    switchport access vlan 912
    interface GigabitEthernet1/0/21
    description **** inside Firewall 01 ***
    switchport access vlan 912
    channel-protocol lacp
    channel-group 12 mode active
    Please let me know your topology.

  • HSRP with layer 2 switching

    I configure HSRP on two layer 3 switches (Switch A-Switch B), Sw A is connected to Router A, Sw B is connected to Router B
    But I want to use also the Layer two features of my switch
    - is it possible to use these switches also for LAN ?
    lets say there is a simple LAN with 1 VLAN and 10 PCs. PCs have two ethernet ports, they are directly connected to L3 switches redundantly.
    thanks for helping

    thanks Martin
    I want all of my PCs (total ten) in the same subnet
    so what should I do is:
    1. configure 10 ports of the L3 switch as switchport under VLAN 1 (these ports will conect ten PCs on the same subnet)
    One port of Switch A will be connected to router A (2610),
    One port of Switch B will be connected to router B (2610). So;
    2. Configure one port of the each L3 switches as 'no switch port' and assign IP addresses. Since they are not switchports, I shouldnt create VLAN for them.
    3. Configure HSRP
    4. Configure EIGRP or OSPF
    AFTER ALL: there is one VLAN that connects all PCs,there is one Layer 3 port on each Switches. And systems work :-)
    Could you please confirm If I properly understand your post?
    thank you very much for helping

  • Connect Nexus 5548UP-L3 to Catalyst 3750G-24T-E Layer 3 Switch

    Please help!
    Could anyone out there please assist me with basic configuration between Nexus Switch and Catalyst Switch, so that devices connected on the catalyst switch can talk to devices connected on nexus switch and vice-versa? In my current setup all servers on VLAN 40 are connected on the Catalyst Switch A as shown in the diagram below, and all desktops and all other peripherals are connected on the Catalyst Switch B.  I am required to implement/add a new Nexus Switch 5548 that in the future will replace the Switch A. From now I just need to connect both switches together and start moving the server from Switch A to the Nexus Switch.
    The current network setup is shown as per diagram below:
    SWITCH A – this is a layer 3 switch. All servers are connected to this switch on the VLAN 40.
    SWITCH B – all desktops, VoIP telephones, and printers are connected on tis switch. This switch is also a layer 3 switch.
    I have connected together the Nexus 5548UP and SWITCH A (3750G) using the GLC-T= 1000BASE-T SFP transceiver module for Category 5 copper wire. The new network is shown as per diagram below:
    Below is the configuration I have created in both Switches:
    SWITCH A - 3750G
    interface Vlan40
    description ** Server VLAN **
    ip address 10.144.40.2 255.255.255.128
    ip helper-address 10.144.40.39
    ip helper-address 10.144.40.40
    interface Vlan122
    description connection to N5K-C5548UP Switch mgmt0
    ip address 172.16.0.1 255.255.255.128
    no ip redirects
    interface Port-channel1
    description UpLink to N5K-C5548UP Switch e1/1-2
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,30,40,100,101,122
    switchport mode trunk
    interface GigabitEthernet1/0/3
    description **Connected to server A**
    switchport access vlan 40
    no mdix auto
    spanning-tree portfast
    interface GigabitEthernet1/0/20
    description connection to N5K-C5548UP Switch mgmt0
    switchport access vlan 122
    switchport mode access
    spanning-tree portfast
    interface GigabitEthernet1/0/23
    description UpLink to N5K-C5548UP Switch e1/1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,30,40,100,101,122
    switchport mode trunk
    channel-group 1 mode active
    interface GigabitEthernet1/0/24
    description UpLink to N5K-C5548UP Switch e1/2
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,30,40,100,101,122
    switchport mode trunk
    channel-group 1 mode active
    N5K-C5548UP Switch
    feature interface-vlan
    feature lacp
    feature dhcp
    feature lldp
    vrf context management
      ip route 0.0.0.0/0 172.16.0.1
    vlan 1
    vlan 100
    service dhcp
    ip dhcp relay
    interface Vlan1
      no shutdown
    interface Vlan40
      description ** Server VLAN **
      no shutdown
      ip address 10.144.40.3/25
      ip dhcp relay address 10.144.40.39
      ip dhcp relay address 10.144.40.40
    interface port-channel1
      description ** Trunk Link to Switch A g1/0/23-24 **
      switchport mode trunk
      switchport trunk allowed vlan 1,30,40,100-101,122
      speed 1000
    interface Ethernet1/1
      description ** Trunk Link to Switch A g1/0/23**
      switchport mode trunk
      switchport trunk allowed vlan 1,30,40,100-101,12
      speed 1000
      channel-group 1 mode active
    interface Ethernet1/2
      description ** Trunk Link to Switch A g1/0/24**
      switchport mode trunk
      switchport trunk allowed vlan 1,30,40,100-101,122
      speed 1000
      channel-group 1 mode active
    interface Ethernet1/3
      description **Connected to server B**
      switchport access vlan 40
      speed 1000
    interface mgmt0
      description connection to Switch A g2/0/20
      no ip redirects
      ip address 172.16.0.2/25
    I get a successful response from Server A when I ping the N5K-C5548UP Switch (VLAN 40 interface (10.144.40.3) .But if I try to ping from Server A to Server B or vice-versa the ping fails. From N5K-C5548UP I can ping successful either Server A or Server B. What am I doing wrong here? Is there any additional configuration that I need to add on the Nexus Switch? Please Help. Thank you.

    no, no secret aukhadiev
    I made a mistake without realising and the interface e1/3 was showing "Interface Ethernet1/3 is down (Inactive)". After spending sometime trying to figure out what was wrong with that interface or switch, it turned out to be that i forgot to add the vlan 40. Now the config looks like this:
    N5K-C5548UP Switch
    feature interface-vlan
    feature lacp
    feature dhcp
    feature lldp
    vrf context management
      ip route 0.0.0.0/0 172.16.0.1
    vlan 1
    vlan 40
    vlan 100
    service dhcp
    ip dhcp relay
    interface Vlan1
      no shutdown
    interface Vlan40
      description ** Server VLAN **
      no shutdown
      ip address 10.144.40.3/25
      ip dhcp relay address 10.144.40.39
      ip dhcp relay address 10.144.40.40
    interface port-channel1
      description ** Trunk Link to Switch A g1/0/23-24 **
      switchport mode trunk
      switchport trunk allowed vlan 1,30,40,100-101,122
      speed 1000
    interface Ethernet1/1
      description ** Trunk Link to Switch A g1/0/23**
      switchport mode trunk
      switchport trunk allowed vlan 1,30,40,100-101,12
      speed 1000
      channel-group 1 mode active
    interface Ethernet1/2
      description ** Trunk Link to Switch A g1/0/24**
      switchport mode trunk
      switchport trunk allowed vlan 1,30,40,100-101,122
      speed 1000
      channel-group 1 mode active
    interface Ethernet1/3
      description **Connected to server B**
      switchport access vlan 40
      speed 1000
    interface mgmt0
      description connection to Switch A g2/0/20
      no ip redirects
      ip address 172.16.0.2/25
    Thank you,
    JN

  • Block external webaddress from layer 2 switch

    Dear all,
    I am trying to permit a website address 130.x.x.x from layer 2 switch, all other traffic should be denied.
    I am trying this by:
    access-list 15 permit host 130.x.x.x
    access-list 15 deny any
    and then applying it to interface fa0/5 in
    this results in blocking all the traffic and don't permit the required address.
    Layer 2 switch doesn't support ACL to be applied on OUT interface.
    Please advise.

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    Another way to accomplish this, is to place the necessary commands into a file placed on the device's local flash.  Then you just copy the file from flash to the running config.
    Like Peter's posting, I too would recommend a timed reload.  (I also normally use a five minute time.)
    This technique, or Peter's, can also be used to even change the attributes of the interface being used for remote connectivity.

  • Cisco Asa 5505 and Layer 3 Switch With Remote VPN Access

    i got today a new CISCO LAYER 3 Switch .. so here is my scenrio
    Cisco Asa 5505
    I
    Outside  == 155.155.155.x
    Inside  =      192.168.7.1
    VPN POOL Address =   10.10.10.1   -   10.10.10.20
    Layer 3 Switch Config
    Vlan 2
    interface ip address =  192.168.1.1
    Vlan 2
    interface ip address =  192.168.2.1
    Vlan 2
    interface ip address =  192.168.3.1
    Vlan 2
    interface ip address =  192.168.4.1
    Vlan 2
    interface ip address =  192.168.5.1
    ip Routing
    So i want My Remote Access VPN clients to access all this Networks. So Please can you give me a helpfull trick or Link to configure the rest of my routing
    Thank You all

    When My Remote VPN is Connected , it reaches 192.168.7.2 of the Layer 3 VLan that's Connected to The ASA 5505 ,
    But i can't reach the rest of the VLAN - example
    192.168.1.1
    192.168.1.2
    192.168.1.3
    192.168.1.4
    192.168.1.5
    But i can reach the Connected Interface Vlan to My ASA ..
    So here i think iam miss configuration to my Route
    Any Help Please this is urgent

  • Multi-layer/layer3 switch VS. Router

    Multi-Layer Switch or Layer3 switch vs. router; How they are different?
    1.7

    In a router the route calculation and packet processing take place in the software on layer 3. This means that packets need to be moved from the layer 2 hardware interface to layer three and so it takes some time. In a layer 3 Switch Routing calculations takes place at layer 3 in hardware or software, while the actual packet processing takes place at layer 2. The speed gain is accomplished by reducing the amount of features supported and moving as much logic as possible into hardware.

Maybe you are looking for

  • How/why would I use iTunes app on iPhone?

    I enjoy using my iPod app on my iPhone, and regularly sync it with iTunes on my MacBook. Works great. What confuses me is the iTunes icon on the home screen of my iPhone. What's it for? When would I use it? How does it relate to the setup of iTunes o

  • Issue deleting websites on newly purchased Ipad 4

    Hey everyone, I recently purchased an iPad 4. While browsing the web using Safari, I noticed that the Newegg website was showing as a website recently visited. It had a web address link to it..  The odd thing was, I had never visited the website from

  • Release Strategy Doubt

    Dear experts, We have a requirement to display the name of the persons who released the PO or RFQ in the report output. I could refer to the tables T16FS and T16FW to display the authorized person for that particular release group and release code. F

  • Customizing out-of-box query application

    Hello! We are using the out-of-box query application on SES 10.1.8.4.0. We have created an XSLT stylesheet for rendereing search results and configured it in SES. We have two questions: 1. Our customer would like the SES score to be shown for each hi

  • Require technical advice for designing XML database

    Dear Fellows I need your technical advice for the way storing the XML files into the database. We have experiments that produces more than 300 XML files. I want to store them in the database. There should be a mechanism (way) to store XML files relat