Peplink balance and UTM (cyberoam) issue

Ayach_Mohamed · October 24, 2013, 1:45am

Dear sears,

This is my first post on this forum so bear with me.

I have an “issue” with the load balance since we put an UTM (cyberoam) in the system. AM not able to force a route anymore since it recognizes only the utm interface.

Best regards.

Ron_Case · October 24, 2013, 5:49am

If there is a NAT device on the inside of the Balance, you can no longer identify individual LAN clients as the source for outbound policy rules. You can still use the destination or protocol however, for the enforced outbound policy rules.

Ayach_Mohamed · October 24, 2013, 4:59pm

Yes there is one but it can forward the real IP address of the source. I just uncheck the NAT box for the firewall rule.

Malay7 · October 30, 2013, 3:30pm

Hi Ayach,

I am not very clear with your question. I presume that you have terminated more than 2 links on Cyberoam, and it doesn’t load balance. If that’s correct, please ensure followings:-

Check your Gateway Status under System —> Gateway. If one of them is red, that means the gateway is down or fail-over detection rules under that Gateway is mis-configured.
Also, under Firewall rule you have set to ‘Load Balance’ under Advance settings.

In case if the issue still persist, please drop an email at [email protected].

Regards,
Cyberoam Technologies

Ayach_Mohamed · October 31, 2013, 12:03am

Hello,

°I have one line going from the UTM to the peplink.
°the peplink has to balance using IP addresses since the UTM is Layer 2 device.
°under UTM I can uncheck NAT so that the UTM use the machine IP instead of the UTM interface for all machines.

What do you think possible or not possible?

Thx in advance.

Malay7 · October 31, 2013, 1:34pm

Hi Ayach,

When you say UTM is in layer 2, do you mean that Cyberoam is deployed in Bridge mode? If yes, than you may not see NAT option, because Cyberoam shall act as true bridge and it shall do NAT and Peplink should always see clear IP address.

If Cyberoam is deployed in Gateway mode (NAT/Route Mode), you can uncheck NAT but than you have to ensure that static routes (reverse) are configured on peplink point back to Cyberoam for all LAN subnets which are behind Cyberoam device.

Regards,
Cyberoam Technologies

Ayach_Mohamed · October 31, 2013, 5:30pm

Hello Malay7,

Very helpful post now I feel like am approaching some kind of solution. so when you say I have to ensure that static routes (reverse) are configured on peplink point back to Cyberoam for all LAN subnets which are behind Cyberoam device you mean for example if I have 192.168.1.x I should have a static route from within the peplink pointing back to the cyberoam?
if it is true, could you please provide more details cause under status in peplink I have one client which is the cyberoam interface. connected to the peplink.

thank you Malay7.

Malay7 · October 31, 2013, 5:41pm

Hi Ayach,

For e.g.
Cyberoam LAN IP: 1.1.1.X
Cyberoam WAN IP: 2.2.2.1
Cyberoam WAN Gateway: 2.2.2.2
Peplink IP: 2.2.2.2

So, if you disable NAT on Cyberoam you would need to create a static route on peplink for 1.1.1.x point to Cyberoam’s WAN i.e. 2.2.2.1.

Hope this helps.

Regards,
Cyberoam Technologies