Configuring and Displaying vGW Policies for Individual vNICs on the Same VM

This topic covers how to configure policy rules for individual vNICs that belong to the same virtual machine (VM) when the Policy-per-vNIC feature is enabled. It also explains how vNICs are displayed in the VM Tree. You use the Firewall module of the vGW Security Design VM to configure and apply policies to vNICs.

When Policy-per-vNIC is enabled and multiple vNICs have been configured for the same VM, they are presented in the VM Tree nested beneath the VM that they belong to.

The VM Tree displays the state of a vNIC in the following ways:

When Policy-per-vNIC is enabled, the Apply Policy table reflects the vNIC configuration in the following way:

You use the Firewall module Manage Policy tab to add rules for individual vNICs in the same way that you configure other policy rules.

This procedure explains how to define policies for the following example. For additional details on how firewall policy rules are configured, see Understanding and Using the vGW Series Firewall Module.

This example assumes that the Policy-per-vNIC feature is enabled. For details on how to enable Policy-per-vNIC, see Configuring the vGW Series Policy-per-vNIC Feature. The example assumes that the administrator wants to configure separate policies for each of the following three vNICs on a VM called MIS-Fileserver that is used as a file server:

To configure policies for these vNICs:

  1. In the vGW Security Design VM, select the Firewall module.
  2. In the VM Tree, locate the MIS-Fileserver VM, and expand it to display the vNICs.
  3. Select vNIC1.

    When you select the vNIC, the policy screen for it is displayed. The policy is called vNIC Policy for MIS-Fileserver-vNIC1.

  4. Beneath the Global Policy line is a line labeled “vNIC Policy for MIS-Fileserver-vNIC1”, which provides space for you to enter a policy rule for the vNIC.

    Click Add.

  5. In the Sources column for the rule, leave Any.
  6. In the Protocols column for the rule, click Any to display a list of protocols.
    1. In the Filter box, enter https. The list scrolls to https (443/tcp). Select it and click the right-facing Arrow to move it to the Selected Protocols box.
    2. In the Filter box, enter ssh. The list scrolls to ssh (22/tcp). Select it and click the right-facing Arrow to move it to the Selected Protocols box.

    Click Save.

When Policy-per-vNIC is enabled, the Apply Policy table contains an additional column to indicate policy state for the vNIC.
