GeneNZ
July 22nd, 2009, 05:52 PM
Hi there,
I've got an interesting issue in ESS Business Edition v4.0.437, which prevents us from accessing Windows 2008 servers configured with Intel NIC Teaming. Several of our servers are running Intel Adapter Teaming as part of the Intel Advanced Network Services (ANS). These NIC teams have been set up using Adaptive Load Balancing (as opposed to 802.3ad Link Aggregation). When I try to connect to one of these servers via the network (using services such as VNC or simple Windows file sharing), I am unable to connect to the machine. With the firewall disabled, everything is fine.
I have investigated the issue, and it appears it is part of the ESS Firewall IDS, in which we receive "Detected ARP cache poisoning attacks". Disabling this feature on the IDS allows us to connect to the machine with the ESS firewall enabled.
From a high-level networking point of view, I can see why the firewall is blocking it, as the Intel software may be generating a pseudo-MAC address for the teamed NICs. As a result, ESS detects it and prevents network traffic.
The interesting thing is that I can see it happening only with the Intel ANS software. We have a Dell PowerEdge 1950 with onboard Broadcom NICs running the Broadcom NIC Teaming software with no issues. We also have several Linux servers using the built-in NIC bonding software, and there is no issue.
Does anyone have any clue how to fix this without having to disable this check in the IDS outright?
Thanks in advance.
Gene