Unsolved
This post is more than 5 years old
16 Posts
0
2557
Isilon Integration with Antivirus
hi..
Thanks the response..I had gone through the mentioned white paper earlier today prior posting the question in community.
Customer just want us to provide the IP details from ISILON so he can add those ISILON IP's in ICAP server for successful connection between ICAP & ISILON.
So can i confirm customer it should be Node IP's (part of SMB Pool) which needs to communicate with ICAP server not the management IP's.
Regards
Imran Khan
imrankhani7
16 Posts
0
January 29th, 2017 21:00
Further to my above note , customer have added Isilon Management IP's in the ICAP servers to successful build the connection between ISILON & ICAP servers.
So the traffic is flowing on Management subnet between ISILON to ICAP(Anti virus) using 1Gige subnet but customer would like to use the Data Subnet (10 gige) instead Managemnet subnet for the traffic to flow between ISILON & ICAP server.
how this can be achieved to reroute the Antivirus traffic from management subnet to Data subnet.
Phil.Lam
1 Rookie
1 Rookie
•
573 Posts
0
January 30th, 2017 22:00
Do they have static 10G IPs? Can't they change to Data Subnet IPs (10G) in ICAP servers?
imrankhani7
16 Posts
0
January 30th, 2017 22:00
yes they do have SMB Pools (static 10gige IP's).
when they change to Data Subnet IP's(10gige) in ICAP servers the connection between ICAP & ISILON is lost where the ICAP server status changes from active to inactive in isilon.
Further if the add both Management (1Gige) & Data (10gige) IP's in ICAP server again the connection between ICAP & ISILON is lost.
Only the Connection is established with Management IP's in ICAP server where Antivirus scanning also works fine with these IP's in place.
but customer wants to use 10gige interface instead 1gige
imrankhani7
16 Posts
0
January 30th, 2017 22:00
1 gige are in system access zone...
10 gige are in Data Access zone... SMB pool belongs to Data Access zone which is using 10gige aggregation interface
Phil.Lam
1 Rookie
1 Rookie
•
573 Posts
0
January 30th, 2017 22:00
What Access Zones are the Static 10G IPs in? Are the 1G IPs in the System Access Zone?
imrankhani7
16 Posts
0
January 30th, 2017 22:00
ok I can try this out and will let you know if its going to work. i hope by placing the Data IP's of 10gige is system access zone will not impact the user connections to isilon and the performance.
will try this out and share the results.. thanks.
Phil.Lam
1 Rookie
1 Rookie
•
573 Posts
0
January 30th, 2017 22:00
I recall ICAP IPs has to be in System Access Zone. Can you put some 10G IPs in System Access Zone.
imrankhani7
16 Posts
0
January 30th, 2017 23:00
8.0.0.3
Phil.Lam
1 Rookie
1 Rookie
•
573 Posts
0
January 30th, 2017 23:00
BTW, What version of OneFS are you using?
Phil.Lam
1 Rookie
1 Rookie
•
573 Posts
0
January 30th, 2017 23:00
What Access Zones are the AV servers on? On management Zone?
imrankhani7
16 Posts
0
February 5th, 2017 21:00
Hi..
EMC Technical Support confirmed , ICAP servers can only be integrated with systemzone (1gige) and cannot be integrated with any other access zone which can use 10gige interfaces.
Regards
Imran khan
AndrewChung
132 Posts
1
February 6th, 2017 01:00
I would try this. Create a new 10 Gig subnet in the system zone. Make sure the gateway priority is at a lower priority (higher number) than the 1 Gig network. Then create static routes to the ICAP servers that go through the 10 GigE gateway. That should move the ICAP traffic to the 10 GigE ports.