Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

InterScan Web Security Virtual Appliance (IWSVA) blocks Internet traffic in Transparent Bridge Mode

    • Updated:
    • 8 Oct 2015
    • Product/Version:
    • InterScan Web Security Virtual Appliance 5.6
    • InterScan Web Security Virtual Appliance 6.0
    • Platform:
    • Virtual Appliance N/A
Summary

When IWSVA is installed in Transparent Bridge Mode (VMware ESX deployment), Internet becomes blocked or slow.

Details
Public

To prevent this issue:

  1. Both physical network adapters should be connected to a separate virtual switch (i.e. VswitchIN and VswitchOUT).
    If they are not set up that way, you should create them and attach a NIC to the corresponding Virtual Switch.
    1. Log in to your VMware ESX server console.
    2. Select the name of your server in the left column and click the Configuration tab.
    3. In the Networking section, you should be able to see vSwitch0, which is the first switch ESX created on the setup. It already has the first Network Adapter attached.
      If your server has two Network Interfaces, make sure that the switch has only one of the two Network Interfaces connected.
      After making the changes to vSwitch0, create another virtual switch.
    4. In the Networking section, click Add in the upper right section.
    5. In the wizard, select Virtual Machine as the type of switch.
    6. In the next section, you should select the second Network Adapter in order to attach it to the new virtual switch.
    7. Provide the switch name and finalize the wizard.
  2. Both virtual switches should be set to accept Promiscuous Mode because this is the only way the NIC will accept incoming traffic. Otherwise, the Internet will be blocked because all the traffic will be rejected by the switch.
    1. Log in to your VMware ESX server console, select the name of your server in the left column and click the Configuration tab.
    2. In the Networking section, you should be able to see vSwitch0, which is the first switch ESX created on the setup. It already has the first Network Adapter attached.
    3. Click Properties > Security tab.
    4. In the dropdown menu for Promiscuous Mode section, click Accept.
  3. The IP you will configure in IWSVA, as well as the default gateway, should be within the segment of the internet gateway. Otherwise, the requests from IWSVA to the Internet will not leave the network. For example, if your gateway configuration is the following:

    IP: 192.168.75.1
    Subnet: 255.255.255.0
    Default Gateway: NA

    IWSVA should have an IP configuration like this:

    IP: 192.168.75.5
    Subnet: 255.255.255.0
    Default Gateway: 192.168.75.1

Premium
Internal
Rating:
Category:
Troubleshoot; Install
Solution Id:
1055294
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.