3 hours 53 minutes
So in the previous demonstration, High created
two security groups. They were both regular
security gateway security groups.
now I'm going to demonstrate
a little bit
of a mix. I'm going to create one
with, uh, bsx not enabled
than a 2nd 1 with V Essex selected till have one security gateway
and one V s ex gateway.
going through the first time
adding the sicky and so on,
populating a couple of appliances into the security group
management interface and a couple of uplink appliances,
and I forgot to delete the villain.
So I'm gonna go ahead, do that real quick.
I'm really compulsive
for neatness, I suppose.
gotta be a better way to do this.
Select each one
individually, but it occurs to me that you can use shift and control,
this is a better way.
there you go
select multiple gateways or multiple interfaces
using the shift or control keys, modify the clicks,
so populate a couple of uplink interfaces in the security group,
read a second security group, and
populate the single management object
also the first time wizard settings
security group name
and select installers via ***. So this will be a
Pius V SX gateways
security management object
populated with a couple of
security gateway modules. And
I want to get there. We are. Don't want to get
the same management interface
and a couple of uplink interfaces.
all that's done,
go ahead and
apply. So we're looking at the configuration, making sure it's correct and where
sending the configuration out to the selected security Gateway modules
security Gateway modules
and I'll pause for a bit
while waiting for the security gateway modules to to restart.
So they have restarted and I am connected to the Web user interface of the first security groups. Single management object
sorry keyboard problem Now
managed to type the password
again. It's, ah, the default password because this is a brand new single management objects, So admin admin
Just make a couple of setting changes here.
Nice long time out for the command line interface as well as the Web user interface
in production, you probably wouldn't have a time out this long. Don't forget to apply
change the password.
So from the default admin to a top secret super secret password
Now configure the network interfaces thes air the up link interfaces that I attached
to this security group
for this demonstration,
the one at work
both interfaces will be configured
once that's done.
Normally, I would open the other security groups Web user interface, but
it's a V s ex group,
so Web user interface isn't supported.
So I'm gonna skip that step
create the objects
So we have to security groups. One is
the SX, the other is not V SX. So
will be creating
two objects in smart Consul one will be
security gateway object and the other will be of bsx gateway object
creating the security gateway object populating it with an aim that I configured for the service of single management object
i p address I configured for the single management object
using the activation key that I configured
now be fetched
and it looks very nice.
So next, um
close the topology will close the the brand new security gateway object
and create another object in this case Ah V s ex gateway object
follows the same lines. But
it's a little It looks a little bit different.
but again, use Thea
the name I configured in the second security group TVs X Security group used the I p address that I configured in that second security group
and the version is
already got 20
In this demo environment,
I'll just take the default shared interface,
provide the activation key that was specified when I created the second Security group
one interface to be villain trunk
and maybe both.
How about both interfaces, Beeville and trucks?
I really don't want toe configure the management interface to be a villain trunk in this demo environment.
in a production environment that that might make sense.
ah, the villain trunks can be used by virtual switches
multiple virtual systems with their own connective ity. Out. You've seen one physical in this case, virtual physical interface
issues with my mouse selecting
Oh, I I want toe reserve one interface. That's not a V SX. Sorry. Not a feel an interface.
I forgot. I only had to a plane. Jenner faces here.
So we'll set one of them not to be a villain, Trump,
and enable some
policy some some simple policy on the V s ex gateway itself.
Though you may want to just check all of the options
for the security rules to add,
except for the last
any any, any drop.
click next, it automatically starts the process of we publisher changes. We start creating the V Essex's Gateway object.
We push policy to the V s ex gateway object
and and recall the V s ex gateway. That's the outer shell that that represents the physical server
that will be running the virtual systems.
I wanna create
virtual system to run inside of that bsx gateway.
First, I'm gonna install policy to the other security gateway
one that is just a regular security gateway.
Don't let that run
create ah via a virtual system
on that bsx gateway.
name for that virtual system.
And there's only one choice for the
and figure. Internal and external interfaces
and periods are important,
as is the brake sub net mask
default gateway at this point
or internal will use ah V Land
I p address.
that mask complete with periods.
the virtual system will be created on the ts X gateway. And again, this automatically publishes any changes,
starts the process of creating that virtual system
in configuration on the management server
on the V Essex's gateway itself.
And this will take a while. So
we will, uh,
Until this is done.
The virtual system has has been created.
I expand that virtual gateway of es XK when I mean object. See the virtual system.
But install policy is the same policy that has been installed on my security. Gateway will be installed on this virtual system
but that just install it on both the security gateway and the
this is a
on all of the
security gateway modules that are plugged in or that are attached to this service group
outside this security group, the, um,
policy successfully installed array. That's always good.
If you're planning to deploy
bsx in a maestro environment,
there's some limitations that you should know. This is the list of
already got 20 scalable platform known limitations,
and the first
virtual switch is not supported
a jumble. Hot fix
second, is that
virtual routers are not supported.
There's not a fix for that available,
it requires a jumble hot fix and already got 20
in order to use virtual switches correctly.
Virtual routers are not supported
same thing in our 80.30 scalable platform. There's a hot fix required
or virtual switches.
Virtual routers are not yet supported at the time of this video.