Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Aruba VIA - Interface Metric set to 500

  • 1.  Aruba VIA - Interface Metric set to 500

    Posted Sep 25, 2020 09:12 PM

    We have an issue with the Aruba VIA client.  We run our clients in split-tunnel and, as you know, when a DNS request is made, the DNS request is sent to both the public and Corporate DNS servers.  If both DNS servers return a valid IP address, the machine always chooses the public DNS IP.  We found out today that this is because the Aruba VIA client sets the interface metric to 500 which makes it basically the least-preferred interface on the machine.  In our experience, this is opposite behavior of other major vendors like Pulse Secure.  We can manually change the metric while the interface is connected and it works correctly, but after disconnecting and reconnecting, the interface is reset back to 500.  Does anyone know of a way to change this behavior?  I can probably rig up a login script to change it, but this may prove to be problematic for our users installing this client on their home computers.  Thanks in advance for any suggestions you may have.



  • 2.  RE: Aruba VIA - Interface Metric set to 500

    EMPLOYEE
    Posted Sep 25, 2020 09:35 PM

    Are you currently setting the DNS client suffix list so that corporate DNS requests are forwarded to the corporate DNS?  https://community.arubanetworks.com/t5/media/gallerypage/user-id/7343/album-id/130/image-id/670iEB2A0E33D83284EF



  • 3.  RE: Aruba VIA - Interface Metric set to 500

    Posted Sep 26, 2020 11:02 AM

    Yes.  I do have my corporate domains listed in the DNS Suffix list.  All three of those suffixes show up in the client ipconfig list after login.  As you can see, the packet capture shows that the DNS query to each DNS server happens within a millisecond of each other, so it appears they are happening simultaneously.  Regardless, both queries return a result and the public DNS result is chosen.  If I change the VIA interface metric to 50, it chooses the corporate DNS result.  In the attached pic, I am pinging an internal machine (banrapps.somedomain.nyb). 172.22.40.218 is the VPN IP of the client, 172.22.1.43 is the DNS IP, 192.168.10.200 is the Client Local IP, and 192.168.10.1 is the Client Local Router/DNS IP.  You can see from the ping result that it chose the public DNS result.  (I have changed the domains/IPs to protect the innocent.)
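
The check and manual change described in this thread, written out as an added example that is not part of the original posts and is not Aruba's own tooling: it lists connected IPv4 interfaces in metric order with the DNS servers each one uses, then optionally sets the VPN adapter's metric. The adapter match pattern `*VIA*` is an assumption (confirm the real description with `Get-NetAdapter`); the metric value 50 is the one reported above.

```powershell
# Added example. Assumptions: the adapter description pattern below is hypothetical;
# 50 is the metric the poster reports as working. Run elevated to use -Apply.
param(
    [string]$AdapterPattern = '*VIA*',  # hypothetical; match against InterfaceDescription
    [int]$TargetMetric = 50,
    [switch]$Apply
)

# 1. Show connected IPv4 interfaces, most preferred (lowest metric) first,
#    together with the DNS servers configured on each one.
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object ConnectionState -eq 'Connected' |
    Sort-Object InterfaceMetric |
    ForEach-Object {
        $dns = (Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex `
                    -AddressFamily IPv4).ServerAddresses
        [pscustomobject]@{
            ifIndex         = $_.ifIndex
            Alias           = $_.InterfaceAlias
            Metric          = $_.InterfaceMetric
            AutomaticMetric = $_.AutomaticMetric
            DnsServers      = $dns -join ', '
        }
    } | Format-Table -AutoSize

# 2. Locate the VPN adapter; refuse to guess if the pattern is ambiguous.
$vpn = @(Get-NetAdapter -InterfaceDescription $AdapterPattern -ErrorAction SilentlyContinue |
         Where-Object Status -eq 'Up')
if ($vpn.Count -ne 1) {
    Write-Warning "Expected exactly one connected adapter matching '$AdapterPattern', found $($vpn.Count)."
    return
}

$current = (Get-NetIPInterface -InterfaceIndex $vpn[0].ifIndex -AddressFamily IPv4).InterfaceMetric
Write-Host "VPN adapter '$($vpn[0].Name)' metric is $current."

# 3. Lower the metric only when asked to, so the default run is read-only.
if ($Apply -and $current -ne $TargetMetric) {
    Set-NetIPInterface -InterfaceIndex $vpn[0].ifIndex -AddressFamily IPv4 `
        -AutomaticMetric Disabled -InterfaceMetric $TargetMetric
    Write-Host "Metric set to $TargetMetric."
}
```

As reported in the first post, the client resets the metric to 500 on reconnect, so a change made this way lasts only for the current session.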