[Sidewinder] ESXi in a DMZ - can't keep a console going

Sidewinder moderated discussion list sidewinder at adeptech.com
Tue Oct 20 16:19:30 EDT 2009


On Tue, Oct 20, 2009 at 11:50, Sidewinder moderated discussion list
<sidewinder at adeptech.com> wrote:
> Hello,
>
>> I've got a pair of sidewinders in HA mode, and have put an ESXi box in
>> the DMZ. I've configured ports 902/903/8333 to be allowed both to and
>> from the DMZ to one of the subnets on my trusted network (mine, in
>> IT).
>>
>> However, I can't keep the VI console going more than about a minute,
>> and I'm not seeing anything but allowed traffic in the GUI monitor,
>> and very little of that.
>>
>> Where should I be looking to better diagnose this problem?
>
> Use packet filters instead of proxies. I don't know in which
> way VI console is considered to violate protocol, but that
> fixed the problem for us and our customers.
>
> Kind regards,
>
> Patrick M. Hausen
> Leiter Netzwerke und Sicherheit

Unfortunately, it is already a packet filter, with 902, 903 and 8333 specified.

Also, I have checked "Enable stateful packet inspection", "Enable
Stateful session failover" and "Reset TCP connections after connection
timeout."

"TCP Session timeout" is at 15 seconds, "TCP idle timeout" is at the
default of 7200.

The Bi-directional checkbox is not selected.

I'll try enabling debugging logging, as soon as I figure out how.

Kurt

