This section enables you to modify the network addresses that were assigned to the Ethernet interfaces of this Location gateway. All addresses that have been defined for the Ethernet interfaces of the Corente Services Gateway are listed in the table in this section.
To add a new network interface to this list, select the Add button. You can also Edit or Delete an existing interface. When Add is selected, you must select the type of configuration that your Corente Services Gateway will use and the interface that you want to define.
Peer Configuration
The Peer configuration is a Corente Services Gateway with a single Ethernet interface. The Peer Corente Services Gateway is added to an already existing LAN consisting of the machines that will be participating in the application network. It requires additional routing or server configuration to ensure that packets destined for a partner Location get routed to the local Corente Services Gateway first.
If your Corente Services Gateway is a Peer, select the WAN/LAN interface option and click OK to add or edit the interface.
Addressing and DNS: You supplied your addressing and DNS preferences using the Location Wizard. These preferences are shown in this window, but can be changed at any time.
GRE Tunnels: This window enables you to configure use of a GRE (Generic Routing Encapsulation) tunnel for the LAN. Select the Use GRE Tunnel checkbox and enter the IP address for the tunnel.
IP addresses in the 10.x.x.x range are not supported for GRE tunnels.
Proxy Server: This window enables you to indicate whether or not a proxy server is installed between this Corente Services Gateway and the Internet. There are two types of proxy supported, SOCKS and Web.
Internet Access via Proxy Server: Check this box if your Location gateway connects to the Internet from behind a proxy server.
Proxy Type: In the drop-down list, select SOCKS or Web. Select SOCKS if your proxy server provides SOCKS V4/V5 server support in order to interoperate with the Corente Services Gateway. When this is selected, the Proxy IP Address and Port fields will be enabled and must be filled in. If the proxy server is a web proxy, select Web and the Proxy IP Address and Port fields will be enabled and must be filled in.
Proxy IP Address: If you check Internet Access via Proxy Server, enter the IP address of the proxy server that your Corente Services Gateway operates behind. Even if your Corente Services Gateway is a DHCP client, you must determine the address of the proxy and enter it here.
Proxy Port: If you check Internet Access via Proxy Server, you must enter the port number that your proxy server uses. This must be specified to allow the automatic Corente Services Gateway software updates to occur on your Corente Services Gateway. The default port is 80, which is used by most proxy servers.
Additional configuration is required when your LAN includes a proxy server. You must make sure that all the computers on the same subnet as your Corente Services Gateway change the settings of their web browser to bypass the proxy server for local addresses and to specifically exclude the IP Address of the Corente Services Gateway.
Similarly, if you need to access the App Net Manager from a computer operating behind a proxy server, you must exclude the address of this application in your browser as well.
For example, if you are using Internet Explorer and you are operating behind a proxy server:
Select the Tools menu and choose Internet Options.
In the new window that opens, select the Connections tab.
Click the LAN Settings button when it appears. Make sure that the Use a proxy server checkbox is marked.
Enter the LAN IP Address and port number of the proxy server in the fields provided, and then make sure that the Bypass proxy server for local addresses checkbox is selected.
Click the Advanced... button right next to these fields and enter the IP Address of your Corente Services Gateway in the Exceptions list. Traffic destined for App Net Manager at
https://www.corente.com/appnetshould not be routed to the proxy server, either. If you are granting access to the App Net Manager application, enter the addresshttps://www.corente.com/appnetinto the Exceptions list as well.Click OK twice and your browser settings will be stored.
This process must be performed on each computer’s web browser in order for the computers to access the Corente Services Gateway and application network.
DHCP Servers: This window enables you to configure the Corente Services Gateway DHCP server that can distribute IP addressing information to computers on the Corente Services Gateway’s LAN, as well as to its Corente Client partners. click the LAN DHCP Server Configure button.
Interface Aliases: This window enables you to assign alias addresses to the LAN/WAN interface of the gateway. Alias addresses are used with the port forwarding feature, which directs traffic from the Internet/WAN through the gateway to servers on the LAN or in the DMZ.
Inline Configuration
The Inline configuration is a Corente Services Gateway with two Ethernet interfaces. One Ethernet interface is connected to the internal local area network (LAN). The other interface is connected to an external interface, which is typically the Internet access device for that location. All traffic must pass through the Corente Services Gateway in order to reach into and out of the internal local network.
If your Corente Services Gateway is an Inline, you must configure both a LAN and a WAN interface. You also have the option of configuring a secondary WAN interface, if you would like to use the Dual WAN feature, or a DMZ interface, if you will be using your Corente Services Gateway to implement a DMZ.
Addressing and DNS: You supplied your addressing and DNS preferences for both the LAN and the WAN interfaces in the Location Wizard. These preferences will appear each interface’s window, but can be changed at any time.
GRE Tunnels: This window enables you to configure use of a GRE (Generic Routing Encapsulation) tunnel for the LAN. Select the Use GRE Tunnel checkbox and enter the IP address for the tunnel.
IP addresses in the 10.x.x.x range are not supported for GRE tunnels.
DHCP Servers: The Edit LAN Interface window enables you to configure the Corente Services Gateway DHCP server that can distribute IP addressing information to computers on the Corente Services Gateway’s LAN, as well as to its Corente Client partners. Click the LAN DHCP Server Configure button.
Proxy Server: In addition to assigning addressing information, this window enables you to indicate whether or not a proxy server is installed between this Corente Services Gateway and the Internet. There are two types of proxy supported, SOCKS and Web.
Internet Access via Proxy Server: Check this box if your Location gateway connects to the Internet from behind a proxy server.
Proxy Type: In the drop-down list, select SOCKS or Web. Select SOCKS if your proxy server provides SOCKS V4/V5 server support in order to interoperate with the Corente Services Gateway. When this is selected, the Proxy IP Address and Port fields will be enabled and must be filled in. If the proxy server is a web proxy, select Web and the Proxy IP Address and Port fields will be enabled and must be filled in.
Proxy IP Address: If you check Internet Access via Proxy Server, enter the IP address of the proxy server that your Corente Services Gateway operates behind. Even if your Corente Services Gateway is a DHCP client, you must determine the address of the proxy and enter it here.
Proxy Port: If you check Internet Access via Proxy Server, you must enter the port number that your proxy server uses. This must be specified to allow the automatic Corente Services Gateway software updates to occur on your Corente Services Gateway. The default port is 80, which is used by most proxy servers.
Additional configuration is required when your LAN includes a proxy server. You must make sure that all the computers on the same subnet as your Corente Services Gateway change the settings of their web browser to bypass the proxy server for local addresses and to specifically exclude the IP Address of the Corente Services Gateway.
Similarly, if you need to access the App Net Manager from a computer operating behind a proxy server, you must exclude the address of this application in your browser as well.
For example, if you are using Internet Explorer and you are operating behind a proxy server:
Select the Tools menu and choose Internet Options.
In the new window that opens, select the Connections tab.
Click the LAN Settings button when it appears. Make sure that the Use a proxy server checkbox is selected.
Enter the LAN IP Address and port number of the proxy server in the fields provided, and then make sure that the Bypass proxy server for local addresses checkbox is selected.
Click the Advanced... button right next to these fields and enter the IP Address of your Corente Services Gateway in the Exceptions list. Traffic destined for App Net Manager at
https://www.corente.com/appnetshould not be routed to the proxy server, either. If you are granting access to the App Net Manager application, enter the addresshttps://www.corente.com/appnetinto the Exceptions list as well.Click OK twice and your browser settings will be stored.
This process must be performed on each computer’s web browser in order for the computers to access the Corente Services Gateway and application network.
Interface Aliases: The Edit WAN Interface screen enables you to assign alias addresses to the WAN interface of the gateway. Alias addresses are used with the port forwarding feature, which directs traffic from the Internet/WAN through the gateway to servers on the LAN or in the DMZ.
WAN Secondary Interface
The Dual WAN feature allows customers to set up WAN failover for a Corente Services Gateway from a primary WAN connection to a secondary WAN connection, to ensure continued access to the secure Corente Services network and Internet in the event of a WAN failure. After failover, the gateway will detect when the primary WAN connection has recovered and will automatically failback. Note that this feature does not currently support load balancing across the two WAN connections.
The Dual WAN feature can be used with a Corente Services Gateway in the Inline configuration that contains at least three Ethernet cards. One Ethernet card is for the LAN connection, one is for the primary WAN connection, and one is for the secondary WAN connection.
Dual WAN cannot be enabled on a gateway that is using the following features:
Hardware failover.
WAN interface alias addresses for port forwarding on either the primary WAN interface or secondary WAN interface.
If you plan to enable Dual WAN for gateway already in use, it is recommended that you perform a new installation of the Corente Services Gateway Software and personality file on your hardware due to several specific installation steps that are required. In particular, ensure that the gateway to which you are adding this feature is turned off before starting installation of the personality file.
To configure the secondary WAN interface, select WAN Secondary Interface on the Add Network Interfaces dialog box. In the Addressing section on the window that appears, select how an IP Address, Subnet Mask, and Default Gateway will be assigned to this secondary WAN interface.
DHCP: Select this option to allow a DHCP Server to automatically assign an IP Address, Subnet Mask, and Gateway address to the secondary WAN interface of this gateway.
Static: When this option is selected, you must manually enter addressing information for this interface.
PPPoE: Select this option if your gateway will use PPPoE to connect to the secondary WAN connection from this interface.
In the WAN Failover section, fill out the field as follows:
Failover/Failback detection interval: Enter the period of time (in seconds) that the gateway will wait before an outage of the primary WAN connection causes a failover to the secondary WAN connection. Once the primary WAN connection comes up again, failback will be delayed for the same interval or 300 seconds, whichever is less. This ensures that the primary WAN connection is operational and prevents flapping of the interface. The default failover interval is 600 seconds, but can be between 30 seconds and 86,400 seconds (24 hours). The default failback interval is 300 seconds, but will use the same interval you have set for the failover interval, up to a maximum of 300 seconds. Note that failover and failback will each cause a restart of the gateway service (but not of the gateway hardware itself).
After installing (or reinstalling) the Corente Services Gateway software onto your gateway, make sure the gateway hardware is turned off. Connect the Ethernet cable for the primary WAN to one of the gateway’s Ethernet interfaces. It does not matter which Ethernet interface this cable is plugged into, as the gateway will itself designate that particular interface as the primary WAN interface. Do not connect the secondary WAN connection to an Ethernet interface yet.
Once the gateway has started up and connected to the Corente SCP over the primary WAN connection, connect the Ethernet cable for the secondary WAN connection to an Ethernet interface of the gateway. You should then access the Control page of Gateway Viewer and force a failover to the secondary WAN connection to ensure that it is working.
After you add a WAN Secondary Interface, the interface identified as WAN Interface will function as the primary WAN interface.
Enable Alias Addresses for Port Forwarding
Normally, a Corente Services Gateway prevents access to the LAN from the Internet/WAN, allowing external connections only from partner Locations or Corente Clients. But your corporate network may contain servers that must be reachable by Internet/WAN traffic. For example, a web server that serves your company’s website. Port forwarding allows these servers to use the gateway’s LAN/WAN or WAN interface as their own public interface, with the gateway filtering out the unwanted traffic and passing on only the approved type of traffic to the designated server.
Specifically, port forwarding allows an administrator to forward traffic bound for particular ports of the gateway’s LAN/WAN or WAN address to the appropriate servers behind the gateway. For example, port forwarding can be configured so that all traffic pointed at the gateway’s WAN address and port 80, the standard port used for HTTP traffic, is forwarded by the gateway to a web server in your DMZ.
If multiple DMZ servers will need to utilize the same port, an administrator can create multiple alias addresses for the gateway’s LAN/WAN or WAN interface and ensure that all incoming traffic through the gateway to that alias address is forwarded to specific servers on the private LAN of the DMZ. Aliases are used, for example, when you have two web servers in your DMZ that both use HTTP on port 80. One server can use the LAN/WAN or WAN address of the gateway as its routable address, but each additional server using port 80 will require a distinct routable address to ensure that traffic is routed appropriately. The addresses that you use as aliases must be routable addresses that are otherwise not in use.
To configure alias addresses, edit the LAN/WAN or WAN interface of the Corente Services Gateway. Click the Add button in the Interface Aliases section.
Fill out the fields as follows:
Interface Alias Name: Enter a name for this alias. This name will be used for administration purposes in App Net Manager.
Alias IP Address: Enter the alias IP address for the interface. The address that you enter here must be a routable address that is otherwise not in use.
Click OK to save the alias. The alias will now be listed in the Interface Aliases section.
Click OK again when you have finished adding alias addresses. You will use the aliases you have entered to forward traffic from the gateway to the appropriate servers via tube definitions for the DMZ to Internet Access partner or LAN to Internet Access partner on the Partners tab of the Location form.
Port forwarding and aliases are not necessarily used only with a DMZ. They can also be used whenever you have multiple servers using the same port and you would like them all to be reachable from the Internet/WAN. These multiple servers may not reside in your DMZ, but directly on your LAN.