Create Virtual Resource elements
Virtual Resources associate Virtual NGFW Engines with Physical Interfaces or VLAN Interfaces on the Master NGFW Engine.
When you select the same Virtual Resource for a Physical Interface or VLAN Interface on the Master NGFW Engine and for a Virtual NGFW Engine, the Virtual NGFW Engine is automatically associated with the Master NGFW Engine. Create one Virtual Resource for each Virtual NGFW Engine that you plan to add.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Select Configuration.
- Right-click the Master NGFW Engine element, then select Edit Master NGFW Engine.
- Browse to .
- Click Add.
- Configure the settings.
- Click OK.
- Click Save.
Next steps
- If you are creating a Master NGFW Engine, configure Master NGFW Engine interfaces.
- Associate the Virtual Resource with a Master NGFW Engine interface and with a Virtual NGFW Engine.
Engine Editor — Interfaces — Virtual Resources
Use this branch to add Virtual Resources to the Master NGFW Engine.
Option | Definition |
---|---|
Add | Adds a Virtual Resource to the Master NGFW Engine. Opens the Virtual Resource Properties dialog box. |
Edit | Allows you to change the properties of the selected Virtual Resource. Opens the Virtual Resource Properties dialog box. |
Remove | Deletes the selected Virtual Resource. |
Virtual Resource Properties dialog box
Use this dialog box to define Virtual Resource element properties.
Option | Definition |
---|---|
Name | The name of the element. |
Virtual Engine ID | Shows the ID of the Virtual Engine for which the Virtual Resource element allocates resources on the Master NGFW Engine. The Virtual Engine ID is automatically assigned. |
Comment (Optional) |
A comment for your own reference. |
Domain | The Domain to which the Virtual Resource element belongs. |
Concurrent Connection Limit | A limit for the total number of connections that are allowed for the Virtual NGFW Engine associated with the Virtual Resource. When the set number of connections is reached, the engine blocks the next connection attempts until a previously open connection is closed. |
Throughput Limit | Enter the throughput limit in megabits per second for traffic passing through this Virtual NGFW Engine. When the limit is
reached, the QoS feature queues traffic to keep the rate at the limit. The Throughput Limit value in the Virtual Resource overrides the Interface Throughput Limit value set for the associated Virtual NGFW Engine. The throughput limit in the Virtual Resource is also shared by all the interfaces. For example, if the throughput limit is 1000 Mbps, and the Virtual NGFW Engine has three interfaces, the total throughput for all three interfaces is 1000 Mbps. If there is a QoS Policy set for the Virtual NGFW Engine, the policy handles the prioritization as normal. Note: If a Virtual Resource has a throughput limit defined, the interfaces on the Virtual NGFW Engine that use a QoS policy all use the same policy. The policy used in the first interface is used for all the interfaces.
|
Rate Limit | Enter the rate limit in megabits per second for traffic passing through this Virtual NGFW Engine. When the limit is reached,
packets are dropped to keep the rate at the limit. This option protects the other Virtual NGFW Engines hosted by the Master
NGFW Engine by ensuring that a single Virtual NGFW Engine does not consume
all the resources during a denial of service attack, for example. The rate limit must be higher than the throughput limit, so that the speed is gracefully slowed down before starting to drop packets. Note: The current rate is estimated. When detecting the current rate, there can be variance of plus or minus
5%.
|
Interface Mapping table | Lists the interfaces of the Master NGFW Engine that are associated with the Virtual Resource. |
Show Master Interface IDs in Virtual Engine | Select if you want the Physical Interface IDs of the Master NGFW Engine to be shown in the Interface properties of the Virtual NGFW Engine. |