cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

VSX VS0 Interfaces

hey

  1. is it possible that VS0 will have multiple interfaces (LAN and WAN)?
  2. is it possible to route traffic through VS0?
  3. has anyone deployed VSX on remote datacenter which VS0 has interface has interface to the itnernet
Tags (2)
11 Replies

Re: VSX VS0 Interfaces

Never done it that way but I assume so - it's just a regular firewall in that sense. (traffic/interfaces)

We always had another VS in front of VS0 for traffic coming from internet. I guess you are worried if VSX goes down then you won't be able to reach VS0? Out of band option?

0 Kudos

Re: VSX VS0 Interfaces

exactly.

Kaspars Zibarts wrote:

I guess you are worried if VSX goes down then you won't be able to reach VS0? Out of band option?

i don't have spare interfaces on the VSX , currently bond1 is my dedicated management interface.

what should be the proccess of moving the ip from bond1 to bond1.10 and adding another interface to vs0 bond1.20 ?

thanks

0 Kudos

Re: VSX VS0 Interfaces

In all honesty I don't see it as a big problem having VS0 exposed to internet directly - as long as you have good rulebase and password policy in place Smiley Happy

It will be as good as having another firewall in front of it. Minus DDOS - you would be exposed unless you have some external device to protect you from floods.

0 Kudos
Vladimir
Pearl

Re: VSX VS0 Interfaces

Kaspars,

How do you access a VS0 policy post-installation?

I recall being presented with default VSX policy configuration options when converting gateways or clusters to VSX, but cannot figure out where it is hiding once you are operating the unit or cluster. 

0 Kudos

Re: VSX VS0 Interfaces

Hi Vlad! I'm not entirely sure if I understand your question. VS0 (VSX cluster object) policy is accessible just like any other, from appropriate CMA (in case you use MDM).

I might have misunderstood you Smiley Happy

0 Kudos
Vladimir
Pearl

Re: VSX VS0 Interfaces

We may be speaking of different things, but just in case we are not, please verify this:

During initial VSX configuration you have an opportunity to define this policy:

Looking under the VSX Cluster object, you do not see the VS0 (at least I do not see it in the R77.30 demo mode and VSX is not available as an object in R80.10 demo):

So I m not sure how you could specify it as an installation target for the dedicated policy or rules in the common one.

0 Kudos

Re: VSX VS0 Interfaces

VSX cluster object is your VS0 Smiley Happy

0 Kudos

Re: VSX VS0 Interfaces

Here's view from command line

and install targets

0 Kudos
Vladimir
Pearl

Re: VSX VS0 Interfaces

That's what I thought, but the initial policy created during installation/conversion is not visible as a stand-alone name policy package.

So you are able to create an additional policy and use cluster object as a target, but where is the policy that was originally created?

If you are to create a new VSX object and look at it via CLI in the context of VS0, what policy will be shown?

Could it be opened and edited?

0 Kudos

Re: VSX VS0 Interfaces

If you refer to this one (had to create a test VM just for you Smiley Happy as our VSXes were created million years ago..)

and here's the policy it  created "testvsx_VSX"

0 Kudos
Vladimir
Pearl

Re: VSX VS0 Interfaces

Thanks! Exactly what i was looking for.

It's just happen to be missing from the Demo Mode in R77.30 and there are no VSX objects in R80.10 Demo, hence the confusion.

Appreciate you going an extra mile to clear the fog Smiley Happy