Create Virtual Resource elements

Virtual Resources associate Virtual NGFW Engines with Physical Interfaces or VLAN Interfaces on the Master NGFW Engine.

When you select the same Virtual Resource for a Physical Interface or VLAN Interface on the Master NGFW Engine and for a Virtual NGFW Engine, the Virtual NGFW Engine is automatically associated with the Master NGFW Engine. Create one Virtual Resource for each Virtual NGFW Engine that you plan to add.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Right-click the Master NGFW Engine element, then select Edit Master NGFW Engine.
  3. Browse to Interfaces > Virtual Resources.
  4. Click Add.
  5. Configure the settings.
  6. Click OK.
  7. Click Save.

Next steps

Continue the configuration in one of the following ways:
  • Configure Master NGFW Engine interfaces.
  • Associate the Virtual Resource with a Master NGFW Engine interface and with a Virtual NGFW Engine.

Engine Editor > Interfaces > Virtual Resources

Use this branch to add Virtual Resources to the Master NGFW Engine.

Option Definition
Add Adds a Virtual Resource to the Master NGFW Engine. Opens the Virtual Resource Properties dialog box.
Edit Allows you to change the properties of the selected Virtual Resource. Opens the Virtual Resource Properties dialog box.
Remove Deletes the selected Virtual Resource.

Virtual Resource Properties dialog box

Use this dialog box to define Virtual Resource element properties.

Option Definition
Name The name of the element.
Virtual Engine ID Shows the ID of the Virtual Engine for which the Virtual Resource element allocates resources on the Master NGFW Engine. The Virtual Engine ID is automatically assigned.
Comment

(Optional)

 A comment for your own reference.
Domain The Domain to which the Virtual Resource element belongs.
Note: If the Virtual Resource is already associated with a Virtual NGFW Engine, you cannot change the Domain from this dialog box. Instead, move the Virtual NGFW Engine to another Domain using the Move to Domain tool in the Virtual NGFW Engine’s right-click menu. Moving the Virtual NGFW Engine to another Domain automatically moves the Virtual Resource to the same Domain.
Concurrent Connection Limit A limit for the total number of connections that are allowed for the Virtual NGFW Engine associated with the Virtual Resource. When the set number of connections is reached, the engine blocks the next connection attempts until a previously open connection is closed.
Throughput Limit Enter the throughput limit in megabits per second for traffic passing through this Virtual NGFW Engine. When the limit is reached, the QoS feature queues traffic to keep the rate at the limit.

The Throughput Limit value in the Virtual Resource overrides the Interface Throughput Limit value set for the associated Virtual NGFW Engine. The throughput limit in the Virtual Resource is also shared by all the interfaces. For example, if the throughput limit is 1000 Mbps, and the Virtual NGFW Engine has three interfaces, the total throughput for all three interfaces is 1000 Mbps.

If there is a QoS Policy set for the Virtual NGFW Engine, the policy handles the prioritization as normal.

Note: If a Virtual Resource has a throughput limit defined, the interfaces on the Virtual NGFW Engine that use a QoS policy all use the same policy. The policy used in the first interface is used for all the interfaces.
Rate Limit Enter the rate limit in megabits per second for traffic passing through this Virtual NGFW Engine. When the limit is reached, packets are dropped to keep the rate at the limit. This option protects the other Virtual NGFW Engines hosted by the Master NGFW Engine by ensuring that a single Virtual NGFW Engine does not consume all the resources during a denial of service attack, for example.

The rate limit must be higher than the throughput limit, so that the speed is gracefully slowed down before starting to drop packets.

Note: The current rate is estimated. When detecting the current rate, there can be variance of plus or minus 5%.
Interface Mapping table Lists the interfaces of the Master NGFW Engine that are associated with the Virtual Resource.
Show Master Interface IDs in Virtual Engine Select if you want the Physical Interface IDs of the Master NGFW Engine to be shown in the Interface properties of the Virtual NGFW Engine.