Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dor_Marcovitch
Advisor

VSX VS0 Interfaces

hey

  1. is it possible that VS0 will have multiple interfaces (LAN and WAN)?
  2. is it possible to route traffic through VS0?
  3. has anyone deployed VSX on remote datacenter which VS0 has interface has interface to the itnernet
11 Replies
Kaspars_Zibarts
Employee Employee
Employee

Never done it that way but I assume so - it's just a regular firewall in that sense. (traffic/interfaces)

We always had another VS in front of VS0 for traffic coming from internet. I guess you are worried if VSX goes down then you won't be able to reach VS0? Out of band option?

0 Kudos
Dor_Marcovitch
Advisor

exactly.

Kaspars Zibarts wrote:

I guess you are worried if VSX goes down then you won't be able to reach VS0? Out of band option?

i don't have spare interfaces on the VSX , currently bond1 is my dedicated management interface.

what should be the proccess of moving the ip from bond1 to bond1.10 and adding another interface to vs0 bond1.20 ?

thanks

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

In all honesty I don't see it as a big problem having VS0 exposed to internet directly - as long as you have good rulebase and password policy in place Smiley Happy

It will be as good as having another firewall in front of it. Minus DDOS - you would be exposed unless you have some external device to protect you from floods.

0 Kudos
Vladimir
Champion
Champion

Kaspars,

How do you access a VS0 policy post-installation?

I recall being presented with default VSX policy configuration options when converting gateways or clusters to VSX, but cannot figure out where it is hiding once you are operating the unit or cluster. 

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Hi Vlad! I'm not entirely sure if I understand your question. VS0 (VSX cluster object) policy is accessible just like any other, from appropriate CMA (in case you use MDM).

I might have misunderstood you Smiley Happy

0 Kudos
Vladimir
Champion
Champion

We may be speaking of different things, but just in case we are not, please verify this:

During initial VSX configuration you have an opportunity to define this policy:

Looking under the VSX Cluster object, you do not see the VS0 (at least I do not see it in the R77.30 demo mode and VSX is not available as an object in R80.10 demo):

So I m not sure how you could specify it as an installation target for the dedicated policy or rules in the common one.

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

VSX cluster object is your VS0 Smiley Happy

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

Here's view from command line

and install targets

0 Kudos
Vladimir
Champion
Champion

That's what I thought, but the initial policy created during installation/conversion is not visible as a stand-alone name policy package.

So you are able to create an additional policy and use cluster object as a target, but where is the policy that was originally created?

If you are to create a new VSX object and look at it via CLI in the context of VS0, what policy will be shown?

Could it be opened and edited?

0 Kudos
Kaspars_Zibarts
Employee Employee
Employee

If you refer to this one (had to create a test VM just for you Smiley Happy as our VSXes were created million years ago..)

and here's the policy it  created "testvsx_VSX"

0 Kudos
Vladimir
Champion
Champion

Thanks! Exactly what i was looking for.

It's just happen to be missing from the Demo Mode in R77.30 and there are no VSX objects in R80.10 Demo, hence the confusion.

Appreciate you going an extra mile to clear the fog Smiley Happy

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events