VSX Security Group Virtual System Virtual Router

Time
3 hours 53 minutes
Difficulty
Beginner
Video Transcription
00:00
So in the previous demonstration, I created
00:06
two security groups. They were both regular
00:09
security gateway security groups.
00:12
So
00:13
now I'm going to demonstrate
00:15
a little bit
00:17
of a mix. I'm going to create one
00:21
security group
00:22
with, uh, VSX not enabled
00:25
then a second one with VSX selected, to have one security gateway
00:31
and one VSX gateway.
00:34
So
00:35
going through the first time
00:38
wizard,
00:40
adding the SIC key and so on,
00:49
populating a couple of appliances into the security group
00:53
management interface and a couple of uplink appliances,
00:57
and I forgot to delete the VLAN.
01:00
So I'm gonna go ahead, do that real quick.
01:03
I'm really compulsive
01:04
for neatness, I suppose.
01:11
And
01:12
there's
01:14
gotta be a better way to do this.
01:17
Select each one
01:19
individually, but it occurs to me that you can use shift and control,
01:25
select multiple
01:26
and
01:29
try that.
01:30
And
01:32
indeed,
01:34
this is a better way.
01:34
So
01:36
there you go
01:38
and
01:38
select multiple gateways or multiple interfaces
01:42
using the shift or control keys, modify the clicks,
01:49
so populate a couple of uplink interfaces in the security group,
01:57
create a second security group, and
02:00
populate the single management object
02:02
at work.
02:05
And then
02:06
also the first time wizard settings
02:22
so unimaginative
02:23
security group name
02:32
and select install as VSX. So this will be a
02:37
Pius VSX gateways
02:39
security management object
02:40
populated with a couple of
02:44
security gateway modules. And
02:49
I want to get there. We are. Don't want to get
02:51
the same management interface
02:53
and a couple of uplink interfaces.
02:59
Now that
03:00
all that's done,
03:01
go ahead and
03:05
apply. So we're looking at the configuration, making sure it's correct, and we're
03:10
sending the configuration out to the selected security Gateway modules
03:15
and now
03:16
security Gateway modules
03:19
be restarting
03:21
and I'll pause for a bit
03:24
while waiting for the security gateway modules to restart.
03:30
So they have restarted and I am connected to the Web user interface of the first security group's single management object
03:45
and
03:46
Sorry, keyboard problem. Now
03:51
managed to type the password
03:53
again. It's, ah, the default password because this is a brand new single management object, so admin admin
04:00
Just make a couple of setting changes here.
04:02
Nice long time out for the command line interface as well as the Web user interface
04:09
in production, you probably wouldn't have a time out this long. Don't forget to apply
04:14
and also
04:15
change the password.
04:16
So from the default admin to a top secret super secret password
04:27
Now configure the network interfaces. These are the uplink interfaces that I attached
04:32
to this security group
04:41
And
04:43
for this demonstration,
04:45
Zien
04:47
the one at work
04:53
both interfaces will be configured
05:04
once that's done.
05:06
No,
05:08
Normally, I would open the other security group's Web user interface, but
05:14
it's a VSX group,
05:15
so Web user interface isn't supported.
05:18
So I'm gonna skip that step
05:20
next
05:23
SmartConsole,
05:25
create the objects
05:29
So we have two security groups. One is
05:32
VSX, the other is not VSX. So
05:35
will be creating
05:38
two objects in SmartConsole. One will be
05:44
usual
05:45
security gateway object and the other will be a VSX gateway object
05:50
Creating the security gateway object, populating it with a name that I configured for the service of single management object
05:59
IP address I configured for the single management object
06:02
establish SIC
06:03
using the activation key that I configured
06:13
and topology
06:15
now be fetched
06:18
and it looks very nice.
06:25
So next, um
06:28
well,
06:30
close the topology, will close the brand new security gateway object
06:34
and create another object, in this case a VSX gateway object
06:46
and
06:46
the process
06:48
follows the same lines. But
06:51
it's a little It looks a little bit different.
06:54
Uh,
06:55
but again, use the
06:57
the name I configured in the second security group, the VSX security group. Use the IP address that I configured in that second security group
07:04
and the version is
07:06
R80.20
07:10
scalable platform.
07:12
In this demo environment,
07:15
I'll just take the default shared interface,
07:18
provide the activation key that was specified when I created the second Security group
07:32
and select
07:34
one interface to be VLAN trunk
07:39
and maybe both.
07:40
How about both interfaces be VLAN trunks?
07:45
I really don't want to configure the management interface to be a VLAN trunk in this demo environment.
07:50
No,
07:53
in a production environment that might make sense.
07:59
So
07:59
ah, the VLAN trunks can be used by virtual switches
08:05
to
08:05
to provide
08:07
multiple virtual systems with their own connectivity. Out. You've seen one physical in this case, virtual physical interface
08:22
issues with my mouse selecting
08:24
Oh, I want to reserve one interface that's not a VSX, sorry, not a VLAN interface.
08:31
I forgot I only had two uplink interfaces here.
08:37
So we'll set one of them not to be a VLAN trunk,
08:41
and enable some
08:43
policy, some simple policy on the VSX gateway itself.
08:50
Though you may want to just check all of the options
08:54
for the security rules to add,
08:58
except for the last
09:01
any any, any drop.
09:03
And
09:05
when you
09:07
click Next, it automatically starts the process: we publish our changes, we start creating the VSX gateway object.
09:18
We push policy to the VSX gateway object
09:24
and recall the VSX gateway, that's the outer shell that represents the physical server
09:30
that will be running the virtual systems.
09:35
So now
09:37
I wanna create
09:39
virtual system to run inside of that VSX gateway.
09:43
First, I'm gonna install policy to the other security gateway
09:50
one that is just a regular security gateway.
09:58
Don't let that run
10:01
and
10:03
create, ah, a virtual system
10:05
on that VSX gateway.
10:22
Very imaginative
10:24
name for that virtual system.
10:26
And there's only one choice for the
10:28
VSX gateway
10:35
and configure internal and external interfaces
10:41
and periods are important,
10:46
as is the brake subnet mask
10:50
or going
10:52
default gateway at this point
10:58
or internal will use a VLAN
11:07
and
11:07
IP address.
11:09
Imaginative
11:11
but
11:13
that mask complete with periods.
11:15
Next,
11:16
the virtual system will be created on the VSX gateway. And again, this automatically publishes any changes,
11:24
starts the process of creating that virtual system
11:28
in configuration on the management server
11:31
and then
11:33
on the VSX gateway itself.
11:35
And this will take a while. So
11:39
we will, uh,
11:41
pause.
11:43
Until this is done.
11:50
The virtual system has been created.
12:00
I expand that virtual gateway, VSX gateway I mean, object. See the virtual system.
12:07
But install policy is the same policy that has been installed on my security gateway will be installed on this virtual system
12:22
then,
12:24
but that just install it on both the security gateway and the
12:30
virtual system.
12:39
Yeah,
12:41
so
12:43
this is a
12:45
virtual system
12:46
running
12:48
on all of the
12:50
security gateway modules that are plugged in or that are attached to this service group
12:58
outside this security group, the, um,
13:01
policy successfully installed. Hooray. That's always good.
13:07
If you're planning to deploy
13:09
VSX in a Maestro environment,
13:11
there's some limitations that you should know. This is the list of
13:16
R80.20 scalable platform known limitations,
13:20
and the first
13:22
is that
13:31
virtual switch is not supported
13:33
without
13:35
a Jumbo Hotfix
13:37
and
13:39
second, is that
13:43
virtual routers are not supported.
13:46
There's not a fix for that available,
13:48
so
13:50
it requires a Jumbo Hotfix and R80.20
13:54
in order to use virtual switches correctly.
13:58
Virtual routers are not supported
14:05
and
14:07
same thing in R80.30 scalable platform. There's a hotfix required
14:11
for virtual switches.
14:13
Virtual routers are not yet supported at the time of this video.
Up Next