Master NGFW Engine and Virtual NGFW Engine configuration overview

Master NGFW Engine and Virtual NGFW Engine configuration consists of creating Master NGFW Engines and associating Virtual NGFW Engines with the Master NGFW Engines.

By default, a Master NGFW Engine element has placeholders for two nodes when the element is created. A Master NGFW Engine can have 1–16 nodes. If you do not need to use clustering on the Master NGFW Engine, you can remove one of the automatically created nodes.

Note: All Virtual NGFW Engines on the same Master NGFW Engine must have the same Virtual NGFW Engine role (Firewall/VPN, IPS, or Layer 2 Firewall). To use more than one Virtual NGFW Engine role, you must create a separate Master NGFW Engine for each Virtual NGFW Engine role. Each Master NGFW Engine must be on a separate physical Master NGFW Engine appliance.
The configuration consists of the following general steps:
  1. Generate and install NGFW Engine licenses for the Master NGFW Engine.
  2. Create a Master NGFW Engine element.
  3. Create a Virtual Resource element.
  4. Configure Physical or VLAN Interfaces for the Master NGFW Engine and assign Virtual Resources to the interfaces.
  5. Create Virtual NGFW Engine elements.
  6. Configure Physical, VLAN, or Tunnel Interfaces for the Virtual NGFW Engines.
  7. Configure routing for the Master NGFW Engine and for Virtual Firewalls.
    Note: You cannot configure routing for Virtual IPS engines or Virtual Layer 2 Firewalls.
  8. Install or refresh the policy on the Master NGFW Engine to transfer changes to the Master NGFW Engine’s Physical/VLAN Interfaces and the mapping of Virtual NGFW Engines to Master NGFW Engine Interfaces.
  9. Install or refresh the policy on the Virtual NGFW Engines.