Workflow for Configuring Security Groups

You can configure Security Groups on a Quantum Maestro Orchestrator:

See Summary of Configuration Options.

Workflow:

Step

Instructions

1

Create a new Security Group.

Note - Configure only one of the installed Quantum Maestro Orchestrators. The Quantum Maestro Orchestrators synchronize the configuration automatically with each other.

Best Practice - Configure the First Time Wizard settings in the new Security Group.

2

Assign the applicable Security Appliances to the Security Group.

Important:

  • You can assign only supported Security Appliances to the same Security Group - see sk162373.

  • You must disable SMO Image Cloning in the Security Group before you assign to this Security Group an appliance of a different model than the other assigned appliances (Known Limitation PMTR-71298).

  • Security Appliances assigned to the Security Group automatically reboot after you apply the configuration.

Best Practice for Dual Site - Assign the same number (as possible) of Security Appliances from each site to the Security Group. If a failover occurs between the sites, Security Appliances on the new Active site must be able to process all the traffic.

3

Assign the applicable Quantum Maestro Orchestrator ports to the Security Group:

  • Uplink ports

  • A Management interface

4

Verify and apply the configuration.

5

If you did not configure the First Time Wizard settings when you created a Security Group, you must run the Gaia First Time Configuration Wizard on the Security Group.

  1. With a web browser, connect to the Gaia Portal of the Security Group:

    https://<IP Address of Security Group>

    Important - This connection goes through the Quantum Maestro Orchestrator's management interface you assigned to this Security Group.

  2. The Gaia First Time Configuration Wizard starts.

    Follow the instructions on the screen.