Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

LAN bypass feature does not work on VMware

    • Updated:
    • 20 Jan 2016
    • Product/Version:
    • InterScan Web Security Virtual Appliance 5.6
    • Platform:
    • N/A N/A
Summary

The LAN bypass feature does not work when InterScan Web Security Virtual Appliance (IWSVA) 5.6 is installed on VMware.

The LAN bypass function allows you to install a Trend Micro-supported fiber or Gigabit network interface card (NIC) on the supported server platform to allow network traffic to be bypassed on specific error conditions.

Details
Public

To resolve the issue, apply IWSVA 5.6 hot fix build 1432:

 
This fix is supported only on VMware ESXi 5.0, and works only with Silicom 2-port LAN bypass card. The LAN bypass card cannot be switched to bypass mode when an IWSVA virtual machine is suspended.
  1. Install IWSVA 5.6 hot fix build 1432.
     
    Applying this hot fix interrupts the HTTP and FTP services for several minutes. Plan appropriately for this downtime.
    1. Contact Trend Micro Technical Support to get a copy of the fix.
    2. Save the hot fix file to your local hard disk.
    3. Log in to the IWSVA administrator console.
    4. Go to Administration > System Updates.
    5. Click Browse and navigate to the location of the iwsva_56_ar64_en_hfb1432.tgz hot fix file.
    6. Click Open and then Upload. Your browser uploads the file to IWSVA, which validates if the file is a legitimate hot fix.
    7. Click Install to apply the hot fix and update IWSVA to build 1432. The HTTP and FTP services in IWSVA restart automatically.
  2. Install Silicom Bypass Driver for VMware ESXi 5.0 server.
    1. Enable local or remote tech support mode (TSM):
      1. From the direct console user interface (DCUI) of the ESXi host, press F2 and provide credentials when prompted.
      2. Scroll to Troubleshooting Options and then press ENTER.
      3. To enable local TSM, select Local Tech Support and press ENTER. This allows users to log in to the virtual console of the ESXi host.
        To enable remote TSM, select Remote Tech Support (SSH) and press ENTER. This allows users to login via SSH on the virtual console of the ESXi host.
    2. Query the existing vSphere installation bundles (VIBs).
      1. Make sure you are in maintenance mode by running this command:

        # vim-cmd /hostsvc/maintenance_mode_enter

      2. Run the following command to determine if any existing VIB matches the VIB you are deploying:

        # esxcli software vib list | grep bpvm

      3. If there is a match, proceed to the next step. If none, skip the next step and proceed to Step 2-d.
    3. Remove the existing VIB using this command:

      # esxcli software vib remove -n net-bpvm

      # reboot

    4. Deploy the VIB:
      1. Copy the net-bpvm-x.x.x.x86_64.vib file to your ESXi system using this command:

        # scp net-bpvm-xxxxx.x86_64.vib root@<esx-server-ip>:/tmp

      2. Deploy the VIB to ESXi by running these commands:

        # cd /tmp

        # esxcli software vib install -v /tmp/net-bpvm-xxxxx.x86_64.vib --no-sig-check

        # reboot

    5. After the reboot, check if the bpvm driver was loaded successfully. The bpvm0 interface should appear in the interfaces list on the VMware client. If does not appear, run the "vmkload_mod bpvm" command.
    6. Attach the bpvm to the vSwitch using the command "esxcfg-vswitch -L bpvm0 vSwitchX”. The pseudo network interface (bpvm0) will be added to the vSwitch.
    7. Install library libbpvm and control utility bpvmctl on the guest OS. For more details, refer to the readme.txt that came with the hot fix file.
  3. Add two ESXi virtual switches for the two LAN bypass interfaces.
  4. Set the vSwitch Promiscuous Mode to Accept.
  5. Connect both the IWSVA internal and external interfaces to the vSwitches.
  6. Open the /etc/iscan/intscan.ini file using a text editor.
  7. Under the 'bridge' section, set the "lanbypass_vm" option to "yes".
  8. Restart the IWSVA virtual machine.
Premium
Internal
Rating:
Category:
Configure; Deploy; Install
Solution Id:
1099572
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.