In This Section: |
Here we show how to configure a VSX cluster.
Use SmartConsole for these basic cluster configurations.
In this example, we will:
Step 1: Create a VSX cluster with Virtual System Load Sharing (item 7 in the diagram)
Step 2: Create Virtual Switch (item 9)
Step 3: Create Virtual System 1 (item 11)
Step 4: Create Virtual System 2 (item 12)
Step 5: Configure the Policy and enable features on the Virtual Systems
You will need the command line interface to add more members, remove members, and upgrade members. Many advanced cluster management procedures require the command line.
Item |
Description |
|
Item |
Description |
---|---|---|---|---|
1 |
Internet |
|
8 |
Security Management Server |
2 |
Router |
|
9 |
Virtual Switch |
3 |
Physical interface |
|
10 |
Warp interface |
4 |
VLAN Switch |
|
11 |
Virtual System 1 |
5 |
Network 1 |
|
12 |
Virtual System 2 |
6 |
Network 2 |
|
13 |
VLAN Interface |
7 |
VSX Gateway |
|
14 |
VLAN Trunk |
This section describes how to create a new VSX cluster using the VSX Cluster Wizard. The wizard guides you through the steps to configure a VSX cluster.
After completing the VSX Cluster Wizard, you can modify most cluster and member properties directly from SmartConsole.
To create a new cluster:
If you are using Multi-Domain Security Management, open SmartConsole from the Domain Management Server in which you are creating the cluster.
The VSX Cluster Wizard > General Properties opens.
The Cluster General Properties page contains basic properties for VSX Clusters:
Note - All VSX Cluster Members must use the same type of platform, with the same specifications and configuration. |
Select Custom Configuration. You manually create a custom configuration without any template.
The VSX Cluster Members window defines the members of the new cluster. You must define at least two VSX Cluster Members. You can add more members later.
To add a new VSX Cluster Member:
Note: If you define an IPv6 IP address, you must also have an IPv4 address.
Note - You defined this Activation Key during the First Time Configuration Wizard of the VSX Cluster Member.
The VSX Cluster Interfaces window lets you define physical interfaces as VLAN Trunks.
The list shows all interfaces currently defined on the VSX Gateway or VSX Cluster object.
To configure a VLAN Trunk:
Select one or more interfaces to define them as VLAN Trunks. You can clear an interface to remove the VLAN Trunk assignment.
Important - You cannot define the management interface as a VLAN trunk. To use the management interface as a VLAN, you must define the VLAN on the VSX Gateway before you use SmartConsole to create the VSX Gateway object.
If you selected the custom configuration option, the VSX Cluster Members window appears. In this window, you define the synchronization IP address for each member.
To configure the cluster members:
The VSX Gateway Management page allows you to define several security policy rules that protect the cluster itself. This policy is installed automatically on the new VSX Cluster.
Note - This policy applies only to traffic destined for the cluster. Traffic destined for Virtual Systems, other Virtual Devices, external networks, and internal networks is not affected by this policy. |
The security policy consists of predefined rules covering the following services:
For example, you may wish to allow UDP echo-request
traffic in order to be able to ping VSX Cluster Member from the Management Server.
Click New Source Object to define a new source.
For more about Security Policies, see the R80.20 Security Management Administration Guide.
To complete the VSX Cluster Wizard:
It can take several minutes to complete. A message appears indicating successful or unsuccessful completion of the process.
If the process ends unsuccessfully, click View Report to view the error messages. Refer to the troubleshooting steps for more information
Use the Virtual Switch Wizard to create a new Virtual Switch. You can modify the initial definition and configure advanced options after completing the wizard.
To create a new Virtual Switch:
The General Properties page of the Virtual Switch Wizard opens.
The Add Interface window opens.
You use the Virtual Systems Wizard to create a new Virtual System.
In this example configuration, create Virtual System 1.
You can modify the initial definition and configure advanced options after you complete the wizard.
To start the Virtual System wizard:
The Virtual System Wizard opens.
The General Properties wizard page defines the Virtual System object and the hosting VSX Gateway.
These are the parameters in this page:
The Virtual System Network Configuration page allows you to define internal and external interfaces as well as the IP address topology located behind the internal interface.
To configure the external and internal interfaces:
You can add new interfaces and delete and change existing interfaces.
To add an interface, click Add. The Interface Properties window opens. Select an interface from the list and define is properties. Click Help for details regarding the various properties and options.
For this example, add two interfaces for each Virtual System:
This IP address is usually assigned to the external interface and specifies the Virtual System address used with NAT or VPN connections.
To make an external IP address routable, select the external interface IP address as the main IP address.
Some routes are automatically defined by the interface definitions. For example, you define a default gateway route leading to an external Virtual Router or to the Virtual System external interface.
To manually add a default route to the Routes table, click Add Default Routes. Enter the default route IP address, or select the default Virtual Router. The Route Configuration window opens.
Click Next and then Finish to create the Virtual System. Please note that this may take several minutes to complete. A message appears indicating successful or unsuccessful completion of the process.
If the process ends unsuccessfully, click View Report to view the error messages.
After you create a Virtual System using the Virtual System Wizard, you can modify the topology and all other parameters (except the name of the Virtual System) using the Virtual System Properties window.
Use the Virtual Systems Wizard to create a new Virtual System.
In this example configuration, create Virtual System 2.
Follow the instructions in Step 3 - Creating Virtual Systems 1.
Define the Policy and enable features on the Virtual Systems. The procedures for this are the same as on a Security Gateway.
For more about Security Policies, see the R80.20 Security Management Administration Guide.
To learn more about simplifying security for private clouds using VSX, see the R80.20 VSX Administration Guide.