Wizard Step 6: VSX Gateway Management

In the VSX Gateway Management window, define security policy rules that protect the VSX Gateway. This policy is installed automatically on the new VSX Gateway.

Note - This policy applies only to traffic destined for the VSX Gateway. Traffic destined for Virtual Systems, other Virtual Devices, external networks, and internal networks is not affected by this policy.

The security policy consists of predefined rules for these services:

• UDP - SNMP requests
• TCP - SSH traffic
• ICMP - Echo-request (ping)
• TCP - HTTPS traffic

To Modify the Gateway Security Policy

1. Allow: Select to pass traffic on the selected services. Clear this option to block traffic on this service. By default, all services are blocked.

   For example, to be able to ping the gateway from the management server, allow ICMP echo-request traffic.

2. Source: Click the arrow and select a Source Object from the list.

   The default value is *Any. Click New Source Object to define a new source.

   You can modify the security policy rules that protect the VSX Gateway later.

3. Click Next.

Completing the VSX Wizard

Click Next to continue and then click Finish to complete the VSX Gateway wizard.

This may take several minutes to complete. A message shows successful or unsuccessful completion of the process.

If the process ends unsuccessfully, click View Report to see the error messages. See the Troubleshooting chapter.

Confirming the VSX Gateway Software Configuration

To make sure that the policy was successfully installed:

1. Connect to the appliance with an SSH client or the serial console.
2. Run:

   # asg monitor -vs all

3. Make sure that the status for SGMs is Enforcing Security on the Active and Standby Chassis, for all Virtual Systems.

   This example shows the output for a dual Chassis VSX Gateway. Chassis 1 (Active) has 1 SGM in its Security Group.

   -------------------------------------------------------------------------------- | Chassis 1 ACTIVE | -------------------------------------------------------------------------------- | SGM | 1 (local) | - | - | -------------------------------------------------------------------------------- | State | UP | - | - | -------------------------------------------------------------------------------- | VS ID | -------------------------------------------------------------------------------- | 0 | Enforcing Security | - | - | --------------------------------------------------------------------------------

4. You can now add more SGMs to the Security Group. Run:

   # asg security_group

5. After all SGMs are UP and enforcing Security, you can add Virtual Systems to the VSX Gateway.