VSX Security Group Virtual System Virtual Router

00:00

So in the previous demonstration, High created

00:06

two security groups. They were both regular

00:09

security gateway security groups.

00:12

So

00:13

now I'm going to demonstrate

00:15

a little bit

00:17

of a mix. I'm going to create one

00:21

security group

00:22

with, uh, bsx not enabled

00:25

than a 2nd 1 with V Essex selected till have one security gateway

00:31

and one V s ex gateway.

00:34

So

00:35

going through the first time

00:38

wizard,

00:40

adding the sicky and so on,

00:49

populating a couple of appliances into the security group

00:53

management interface and a couple of uplink appliances,

00:57

and I forgot to delete the villain.

01:00

So I'm gonna go ahead, do that real quick.

01:03

I'm really compulsive

01:04

for neatness, I suppose.

01:11

And

01:12

there's

01:14

gotta be a better way to do this.

01:17

Select each one

01:19

individually, but it occurs to me that you can use shift and control,

01:25

select multiple

01:26

and

01:29

try that.

01:30

And

01:32

indeed,

01:34

this is a better way.

01:34

So

01:36

there you go

01:38

and

01:38

select multiple gateways or multiple interfaces

01:42

using the shift or control keys, modify the clicks,

01:49

so populate a couple of uplink interfaces in the security group,

01:57

read a second security group, and

02:00

populate the single management object

02:02

at work.

02:05

And then

02:06

also the first time wizard settings

02:22

so unimaginative

02:23

security group name

02:32

and select installers via ***. So this will be a

02:37

Pius V SX gateways

02:39

security management object

02:40

populated with a couple of

02:44

security gateway modules. And

02:49

I want to get there. We are. Don't want to get

02:51

the same management interface

02:53

and a couple of uplink interfaces.

02:59

Now that

03:00

all that's done,

03:01

go ahead and

03:05

apply. So we're looking at the configuration, making sure it's correct and where

03:10

sending the configuration out to the selected security Gateway modules

03:15

and now

03:16

security Gateway modules

03:19

be restarting

03:21

and I'll pause for a bit

03:24

while waiting for the security gateway modules to to restart.

03:30

So they have restarted and I am connected to the Web user interface of the first security groups. Single management object

03:45

and

03:46

sorry keyboard problem Now

03:51

managed to type the password

03:53

again. It's, ah, the default password because this is a brand new single management objects, So admin admin

04:00

Just make a couple of setting changes here.

04:02

Nice long time out for the command line interface as well as the Web user interface

04:09

in production, you probably wouldn't have a time out this long. Don't forget to apply

04:14

and also

04:15

change the password.

04:16

So from the default admin to a top secret super secret password

04:27

Now configure the network interfaces thes air the up link interfaces that I attached

04:32

to this security group

04:41

And

04:43

for this demonstration,

04:45

Zien

04:47

the one at work

04:53

both interfaces will be configured

05:04

once that's done.

05:06

No,

05:08

Normally, I would open the other security groups Web user interface, but

05:14

it's a V s ex group,

05:15

so Web user interface isn't supported.

05:18

So I'm gonna skip that step

05:20

next

05:23

smart Consul,

05:25

create the objects

05:29

So we have to security groups. One is

05:32

the SX, the other is not V SX. So

05:35

will be creating

05:38

two objects in smart Consul one will be

05:44

usual

05:45

security gateway object and the other will be of bsx gateway object

05:50

creating the security gateway object populating it with an aim that I configured for the service of single management object

05:59

i p address I configured for the single management object

06:02

established sick

06:03

using the activation key that I configured

06:13

and apology

06:15

now be fetched

06:18

and it looks very nice.

06:25

So next, um

06:28

well,

06:30

close the topology will close the the brand new security gateway object

06:34

and create another object in this case Ah V s ex gateway object

06:46

and

06:46

the process

06:48

follows the same lines. But

06:51

it's a little It looks a little bit different.

06:54

Uh,

06:55

but again, use Thea

06:57

the name I configured in the second security group TVs X Security group used the I p address that I configured in that second security group

07:04

and the version is

07:06

already got 20

07:10

scalable platform.

07:12

In this demo environment,

07:15

I'll just take the default shared interface,

07:18

provide the activation key that was specified when I created the second Security group

07:32

and select

07:34

one interface to be villain trunk

07:39

and maybe both.

07:40

How about both interfaces, Beeville and trucks?

07:45

I really don't want toe configure the management interface to be a villain trunk in this demo environment.

07:50

No,

07:53

in a production environment that that might make sense.

07:59

So

07:59

ah, the villain trunks can be used by virtual switches

08:05

to

08:05

to provide

08:07

multiple virtual systems with their own connective ity. Out. You've seen one physical in this case, virtual physical interface

08:22

issues with my mouse selecting

08:24

Oh, I I want toe reserve one interface. That's not a V SX. Sorry. Not a feel an interface.

08:31

I forgot. I only had to a plane. Jenner faces here.

08:37

So we'll set one of them not to be a villain, Trump,

08:41

and enable some

08:43

policy some some simple policy on the V s ex gateway itself.

08:50

Though you may want to just check all of the options

08:54

for the security rules to add,

08:58

except for the last

09:01

any any, any drop.

09:03

And

09:05

when you

09:07

click next, it automatically starts the process of we publisher changes. We start creating the V Essex's Gateway object.

09:18

We push policy to the V s ex gateway object

09:24

and and recall the V s ex gateway. That's the outer shell that that represents the physical server

09:30

that will be running the virtual systems.

09:35

So now

09:37

I wanna create

09:39

virtual system to run inside of that bsx gateway.

09:43

First, I'm gonna install policy to the other security gateway

09:50

one that is just a regular security gateway.

09:58

Don't let that run

10:01

and

10:03

create ah via a virtual system

10:05

on that bsx gateway.

10:22

Very imaginative

10:24

name for that virtual system.

10:26

And there's only one choice for the

10:28

bsx, gateway

10:35

and figure. Internal and external interfaces

10:41

and periods are important,

10:46

as is the brake sub net mask

10:50

or going

10:52

default gateway at this point

10:58

or internal will use ah V Land

11:07

and

11:07

I p address.

11:09

Imaginative

11:11

but

11:13

that mask complete with periods.

11:15

Next,

11:16

the virtual system will be created on the ts X gateway. And again, this automatically publishes any changes,

11:24

starts the process of creating that virtual system

11:28

in configuration on the management server

11:31

and then

11:33

on the V Essex's gateway itself.

11:35

And this will take a while. So

11:39

we will, uh,

11:41

pause.

11:43

Until this is done.

11:50

The virtual system has has been created.

12:00

I expand that virtual gateway of es XK when I mean object. See the virtual system.

12:07

But install policy is the same policy that has been installed on my security. Gateway will be installed on this virtual system

12:22

then,

12:24

but that just install it on both the security gateway and the

12:30

virtual system.

12:39

Yeah,

12:41

so

12:43

this is a

12:45

virtual system

12:46

running

12:48

on all of the

12:50

security gateway modules that are plugged in or that are attached to this service group

12:58

outside this security group, the, um,

13:01

policy successfully installed array. That's always good.

13:07

If you're planning to deploy

13:09

bsx in a maestro environment,

13:11

there's some limitations that you should know. This is the list of

13:16

already got 20 scalable platform known limitations,

13:20

and the first

13:22

is that

13:31

virtual switch is not supported

13:33

without

13:35

a jumble. Hot fix

13:37

and

13:39

second, is that

13:43

virtual routers are not supported.

13:46

There's not a fix for that available,

13:48

so

13:50

it requires a jumble hot fix and already got 20

13:54

in order to use virtual switches correctly.

13:58

Virtual routers are not supported

14:05

and

14:07

same thing in our 80.30 scalable platform. There's a hot fix required

14:11

or virtual switches.