In the CLI
show esi parser stats
Sample Route-Mode ESI Topology
This section introduces the configuration for a sample route-mode topology using the switch and Fortinet
Anti-Virus gateways. In route mode, the trusted and untrusted interfaces between the switch and the Fortinet
gateways are on different subnets. The following figure shows an example route-mode topology.
ESI with Fortinet Anti-Virus gateways is supported only in route mode.
Figure 233 Example Route-Mode Topology
In the topology shown, the following configurations are entered on the switch and Fortinet gateway:
ESI server configuration on switch
- Trusted IP address = 10.168.172.3 (syslog source)
- Untrusted IP address = 10.168.171.3
- Mode = route
IP routing configuration on Fortinet gateway
- Default gateway (core router) = 10.168.172.1
- Static route for wireless user subnet (10.168.173.0/24) through the switch (10.168.171.2)
Configuring the Example Routed ESI Topology
This section describes how to implement the example routed ESI topology shown in . The description includes
the relevant configuration—both the WebUI and the CLI configuration processes are described—required on
the switch to integrate with an AVF server appliance.
The ESI configuration process will redirect all HTTP user traffic to the Fortinet server for examination, and any
infected user will be blacklisted. The configuration process consists of these general tasks:
- Defining the ESI server.
AOS-W 6.5.3.x | User Guide External Services Interface | 1058