DPA Configuration when using both network cards on a segmented network.
There are cases where TPAM is required to manage devices on networks not known to TPAM’s local segment. A properly configured DPA allows TPAM to manage these devices. In the example below, TPAM must communicate with a device that is located behind a firewall on a network unknown to TPAM.
DPA ETH1 GATEWAY: 10.9.4.1
The last gateway read during network startup becomes the default gateway for the device. The network information is read in ascending order by device id. In this example, because eth1 is read last, the default gateway for the device is 10.9.4.1.
All traffic not originating from the DPA will attempt to leave the DPA via the default gateway. The exception to this is when either a static route is added, or the network is known locally. In this configuration, any device on the 192.168.7.X network does not need a static route. However, if there are other devices behind the 192.168.7.1 gateway, those devices/networks will need static routes. Static routes are not needed for anything behind the DPA’s default gateway.
In this configuration, remote access is available on 10.9.6.247 and 192.168.7.247. However, it is important to note that access via 192.168.7.247 requires the client to be connected to the 192.168.7.X network, or to come from a network for which a static route has been placed. Accessing the device via 10.9.6.247 does not require any static routes. The client simply needs to be able to route to that network.
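The gateway-selection and static-route behaviour described above can be checked with a small model. This is an added example, not One Identity code: it assumes eth0 carries 192.168.7.247/24 with gateway 192.168.7.1 and eth1 carries 10.9.6.247/22, and 172.16.20.0/24 is a constructed network standing in for "other devices behind the 192.168.7.1 gateway".

```python
import ipaddress

# Addresses come from the article; which address sits on eth0 and the
# /24 and /22 prefix lengths per interface are assumptions.
INTERFACES = {
    "eth0": {"addr": "192.168.7.247/24", "gateway": "192.168.7.1"},
    "eth1": {"addr": "10.9.6.247/22", "gateway": "10.9.4.1"},
}

def build_routes(interfaces, static_routes=()):
    """Return a list of (network, next_hop, device) routes for the DPA."""
    routes, default = [], None
    # Interfaces are read in ascending device-id order; the last gateway
    # read replaces any earlier one as the default gateway.
    for dev in sorted(interfaces):
        cfg = interfaces[dev]
        net = ipaddress.ip_interface(cfg["addr"]).network
        routes.append((net, None, dev))  # locally known network
        default = (ipaddress.ip_network("0.0.0.0/0"), cfg["gateway"], dev)
    routes.append(default)
    for cidr, gw in static_routes:
        gw_ip = ipaddress.ip_address(gw)
        # The static route's gateway must be on a locally known network.
        dev = next((d for n, hop, d in routes if hop is None and gw_ip in n), None)
        if dev is None:
            raise ValueError(f"gateway {gw} is not on a local network")
        routes.append((ipaddress.ip_network(cidr), gw, dev))
    return routes

def next_hop(routes, dest):
    """Longest-prefix match; returns (next hop or 'direct', device)."""
    ip = ipaddress.ip_address(dest)
    net, hop, dev = max((r for r in routes if ip in r[0]),
                        key=lambda r: r[0].prefixlen)
    return (hop or "direct", dev)

if __name__ == "__main__":
    plain = build_routes(INTERFACES)
    fixed = build_routes(INTERFACES, [("172.16.20.0/24", "192.168.7.1")])
    for label, table in (("no static route", plain), ("static route", fixed)):
        for dest in ("192.168.7.50", "10.9.5.20", "172.16.20.5"):
            print(label, dest, next_hop(table, dest))
```

Without the static route, traffic for the constructed 172.16.20.0/24 network leaves through 10.9.4.1 on eth1 and never reaches the segmented side.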
The network design is such that the 192.168.7.X/24 and 10.9.4.X/22 networks are physically and logically separate and have no routes in between. The DPA and TPAM are both members of the 10.9.4.X/22 network. When enrolling the DPA, the DPA must be enrolled via the 10.9.4.X network. The DPA’s network address in the cluster management must be on 10.9.4.X/22 (or on the same segment as TPAM). When TPAM must manage devices on the 192.168.7.X/24 segment, affinity must be set for the corresponding DPA. Figures B, C, and D show examples of this configuration.
Figure B:
Figure C:
Figure D: