IP addresses for IPS engines
You can add IP addresses to system communication interfaces on IPS engines.
- A Physical Interface can have one or more static or dynamic IP addresses. A Physical Interface can have multiple dynamic IP addresses only if you add VLAN Interfaces on the Physical Interface and the VLAN Interfaces each have a dynamic IP address. Otherwise, a Physical Interface can only have a single dynamic IP address.
- A VLAN Interface can have one or more static IP addresses or a single dynamic IP address.
When a Normal Interface is used for communication with the Management Server, as the Heartbeat Interface in an IPS Cluster, or for communication with the Log Server, an IP Address is needed. When the same Normal Interface that is used for communication with the Management Server and Log Server is also used as a Reset Interface for sending TCP Reset responses, it can have an IP address. When a Normal Interface is used only as a Reset Interface, it must not have an IP address.
All nodes in an IPS Cluster must have the same netmask value for the IP address of their respective Normal Interfaces. The IP addresses specified for each node are used whenever the nodes need to be contacted individually.
You might need to define a contact address if you enter a private static address and NAT is used to translate it to a different external IP address. The external IP address must be configured as the contact address if other SMC components need to use the external IP address to contact the engine.