Configuring the vGW Series Policy-per-vNIC Feature

This topic explains how to enable and configure the vGW Series Policy-per-vNIC feature that allows you to define separate policies for individual vNICs attached to the same guest virtual machine (VM).

Before you read this topic, read Understanding the vGW Series Policy-per-vNIC Feature.

You can still use the default configuration that allows you to use the same policy for all vNICs on your VMs.

You can configure vNICs on the same VM to use:

Note: If you use the Policy-per-vNIC feature for a VM and define separate policies for some VMs, you cannot apply the same policy to other vNICs on the same VM.

To enable Policy-per-vNIC:

  1. Select the Settings module.
  2. In the vGW Application Settings section, select Install Settings.
  3. To enable the feature globally, in the Policy Per vNIC pane, select the “Enable policy at the vNIC level” check box. See Figure 94.

    Figure 94: Enabling the Policy-per-vNIC Feature

  4. Optionally, select the “Enable opt-out of firewalling per vNIC” check box if you want to secure some vNICs but not others on the same VM. See Configuring the Secure-per-vNIC Component of Policy-per-vNIC.

    When new interfaces are added to a VM that includes vNICs that are not secured, the new vNICs are automatically secured. If you want them not to be secured, you must manually unsecure them. The following procedure explains how to remove security from a vNIC.

Caution: If you select “Enable opt-out of firewalling per vNIC” on the Policy Per vNIC pane, vNICs cannot be secured individually if they belong to the same port group.

For details on how to define individual policies for vNICs, see Configuring and Displaying vGW Policies for Individual vNICs on the Same VM.

This procedure explains how to remove a security policy from a vNIC, that is, unsecure it. To unsecure a vNIC:

  1. Select the vGW Security Design VM Settings module.
  2. In the vGW Applications Settings section, select Installation.
  3. Before you unsecure the vNIC, delete any policies applied to it.
  4. In the Secured Network pane, select the vNIC that you want to leave unsecured, and click the Unsecure arrow.

    The vGW Security Design VM presents a message that asks you whether you want to unsecure the vNIC or the entire VM.

Note: If you add a new vNIC to a VM that contains vNICs that are not secured, the new vNIC is automatically secured. If you want to unsecure it, you must do it manually as explained previously.

If, in the Install UI, you disconnect a vNIC from a port group (that is, you deselect it), the vNIC becomes unsecured. A warning message on the Installer dialog shows the state of the vNICs.
