06-05-2013 07:37 AM
I have 3 separate domains on my network and they are not trusted together. On my main domain where the firewall is installed the agent shows green, however when I install the agent under the remote domains (on different subnets across the country) the icon is red. The settings match my 2 main domain controllers that are working. When I look at the remote DCs they are reading the log files. Also port 5007 is reachable from the outside. Any thoughts on why they aren't connecting? I am not seeing any details as to why.
06-05-2013 12:01 PM
My Management ip and default gw are on a completely different subnet than my LAN on eth1/2 will this matter?
06-05-2013 12:05 PM
why don't you use default gateway as eht1/2 ip ? I think you can.
06-05-2013 12:26 PM
All of our network management is on a separate subnet such as firewall, switches, etc... we do not put the management on the same as the LAN typically. Is this what is causing the issue perhaps? 2 of my domain controllers are on the same subnet as the LAN interface and those work without issue even through the traffic goes out the management interface. It just affects the remote DCs.
06-05-2013 12:31 PM
So try to write 2 route for these 2 ip address forward them to eth1/2
you'll write these routes to management route table(service route) not virtual router
06-05-2013 12:34 PM
So I have a better understanding of how the firewall works, is the behavior that i am seeing by design where subnets somewhere down the line do not directly work like I am experiencing?
06-05-2013 12:41 PM
That depends on topology.Service route can be configured with many options.
06-07-2013 10:41 AM
Usually the management IP address is used to access the userID agent
If you have a UserID agent running on a DC that is on a different subnet than the management IP address then you'd have to ensure that there exists a route in your internal network permitting traffic exchange between the UserID agent and the management interface . You can also create a service route (under management Set up) for the User ID traffic to be allowed to pass through the dataports to the UserID agent.
06-07-2013 10:47 AM
Please ensure you can ping the UserID agent server from the management interface - if not using the service route option
So basic connectivity and access to the ports mentioned above are imperative
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
