Installing a VSX Gateway
|
Notes:
|
Procedure:
-
Install the VSX Gateway
Step
Instructions
1
Install the Gaia Operating System:
2
3
During the First Time Configuration Wizard, you must configure these settings:
-
In the Installation Type window, select Security Gateway and/or Security Management.
-
In the Products window:
-
In the Products section, select Security Gateway only.
-
In the Clustering section, clear Unit is a part of a cluster, type.
-
-
In the Dynamically Assigned IP window, select the applicable option.
-
In the Secure Internal Communication window, enter the applicable Activation Key (between 4 and 127 characters long).
4
Install a valid license.
-
-
Configure the VSX Gateway object in SmartConsole
-
The steps below are only for a Clean Install of a new VSX Gateway. To configure a VSX Gateway that failed, see the R80.40 VSX Administration Guide > Chapter Command Line Reference > Section vsx_util > Section vsx_util reconfigure.
-
The steps below are for the Dedicated Management Interfaces (DMI) configuration. For the non-DMI configuration, see the R80.40 VSX Administration Guide.
Step
Instructions
1
Connect with SmartConsole to the Security Management Server or Main Domain Management Server that should manage this VSX Gateway.
2
From the left navigation panel, click Gateways & Servers.
3
Create a new VSX Gateway object in one of these ways:
-
From the top toolbar, click the New () > VSX > Gateway.
-
In the top left corner, click Objects menu > More object types > Network Object > Gateways and Servers > VSX > New Gateway.
-
In the top right corner, click Objects Pane > New > More > Network Object > Gateways and Servers > VSX > Gateway.
The VSX Gateway Wizard opens.
4
On the VSX Gateway General Properties (Specify the object's basic settings) page:
-
In the Enter the VSX Gateway Name field, enter the applicable name for this VSX Gateway object.
-
In the Enter the VSX Gateway IPv4 field, enter the same IPv4 address that you configured on the Management Connection page of the VSX Gateway's First Time Configuration Wizard.
-
In the Enter the VSX Gateway IPv6 field, enter the same IPv6 address that you configured on the Management Connection page of the VSX Gateway's First Time Configuration Wizard.
-
In the Select the VSX Gateway Version field, select R80.40.
-
Click Next.
5
On the VSX Gateway General Properties (Secure Internal Communication) page:
-
In the Activation Key field, enter the same Activation Key you entered during the VSX Gateway's First Time Configuration Wizard.
-
In the Confirm Activation Key field, enter the same Activation Key again.
-
Click Initialize.
-
Click Next.
If the Trust State field does not show Trust established, perform these steps:
-
Connect to the command line on the VSX Gateway.
-
Make sure there is a physical connectivity between the VSX Gateway and the Management Server (for example, pings can pass).
-
Run:
cpconfig
-
Enter the number of this option:
Secure Internal Communication
-
Follow the instructions on the screen to change the Activation Key.
-
In SmartConsole, on the VSX Gateway General Properties page, click Reset.
-
Enter the same Activation Key you entered in the
cpconfig
menu. -
In SmartConsole, click Initialize.
6
On the VSX Gateway Interfaces (Physical Interfaces Usage) page:
-
Examine the list of the interfaces - it must show all the physical interfaces on the VSX Gateway.
-
If you plan to connect more than one Virtual System directly to the same physical interface, you must select VLAN Trunk for that physical interface.
-
Click Next.
7
On the Virtual Network Device Configuration (Specify the object's basic settings) page:
-
You can select Create a Virtual Network Device and configure the first applicable Virtual Network Device at this time (we recommend to do this later) - Virtual Switch or Virtual Router.
-
Click Next.
8
On the VSX Gateway Management (Specify the management access rules) page:
-
Examine the default access rules.
-
Select the applicable default access rules.
-
Configure the applicable source objects, if needed.
-
Click Next.
Important - These access rules apply only to the VSX Gateway (context of VS0), which is not intended to pass any "production" traffic.
9
On the VSX Gateway Creation Finalization page:
-
Click Finish and wait for the operation to finish.
-
Click View Report for more information.
-
Click Close.
10
Examine the VSX configuration:
-
Connect to the command line on the VSX Gateway.
-
Log in to the Expert mode.
-
Run:
vsx stat -v
11
Open the VSX Gateway object.
12
On the General Properties page, click the Network Security tab.
13
Enable the applicable Software Blades for the VSX Gateway object itself (context of VS0).
Refer to:
-
sk106496: Software Blades updates on VSX R75.40VS and above - FAQ
-
Applicable Administration Guides on the R80.40 Home Page.
14
Click OK to push the updated VSX Configuration.
Click View Report for more information.
15
Examine the VSX configuration:
-
Connect to the command line on the VSX Gateway.
-
Log in to the Expert mode.
-
Run:
vsx stat -v
16
Install the default policy on the VSX Gateway object:
-
Click Install Policy.
-
In the Policy field, select the default policy for this VSX Gateway object.
This policy is called:
<Name of VSX Gateway object>_VSX
-
Click Install.
17
Examine the VSX configuration:
-
Connect to the command line on the VSX Gateway.
-
Log in to the Expert mode.
-
Run:
vsx stat -v
18
Configure the applicable Threat Prevention Policy for this VSX Gateway.
19
Install the applicable Threat Prevention Policy on the VSX Gateway object:
-
Click Install Policy.
-
In the Policy field, select the applicable Threat Prevention Policy for this VSX Gateway object.
-
Click Install.
20
Examine the VSX configuration:
-
Connect to the command line on the VSX Gateway.
-
Log in to the Expert mode.
-
Run:
vsx stat -v
-
-
Configure the Virtual Devices and their Security Policies in SmartConsole
Step
Instructions
1
Connect with SmartConsole to the Security Management Server, or each Target Domain Management Server that should manage each Virtual Device.
2
Configure the applicable Virtual Devices on this VSX Gateway.
3
Configure the applicable Access Control Policies for these Virtual Devices.
4
Install the configured Access Control Policies on these Virtual Devices.
5
Examine the VSX configuration:
-
Connect to the command line on the VSX Gateway.
-
Log in to the Expert mode.
-
Run:
vsx stat -v
6
Configure the applicable Threat Prevention Policies for these Virtual Devices.
7
Install the configured Threat Prevention Policies on these Virtual Devices.
8
Examine the VSX configuration:
-
Connect to the command line on the VSX Gateway.
-
Log in to the Expert mode.
-
Run:
vsx stat -v
-
For more information, see the:
-
Applicable Administration Guides on the R80.40 Home Page.