This content has been marked as final. Show 3 replies
There is nothing obviously wrong with the setting, so these suggestions are just to help identify the problem:
1) Simplify: lose sgdusa
2) Reverse the order:
Do either of these change affect what happens?
Dave wrote:The delimiter in your command is invalid, separate each filter-spec entry with "comma's"
./tarantella config edit --security-gateway "172.16.254.41:sgdg:sgdusa.XXXXXXXX.com:443;172.16.160.10:sgdg:sgdusa2.XXXXXXXXX.com:443;*:direct:amralbvdi01"
Anyway, you do realize that the "IP addresses" you've specified in your filter-spec apply to "client" connections, not "gateway" connections, right?
That is, a client with the ip address .41 will route through gateway sgdusa, a client connecting with ip address .10 will route through sgdusa2, and everyone else will connect directly to amralbvdi01 - not sure that's what you want.
And why two gateways for one server? For a load-balanced deployment, you'll want a load-balancer, like:
According to http://docs.oracle.com/cd/E19351-01/821-1924/cgfjighe.html the filter-spec delimter is a ";", and not a comma.
And yes, .42 is a DMZ IP for SGDUSA, and .10 is SGDUSA2's DMZ IP, so those are correct.
We have two gateways because the gateways are in two different geographic locations, on different connections to the internet, so they are for geographic-connectivity reasons and not load balance.
Given my delimiter is correct, am I missing something else?