Configuring the vGW Series Policy per vNIC Feature

This topic explains how to enable and configure the vGW Series Policy per vNIC feature that allows you to define separate policies for individual vNICs attached to the same virtual machine (VM).

Before you read this topic, read Understanding the vGW Series Policy per vNIC Feature.

Note: For VMs that have multiple vNICs, you can still use the default configuration that allows you to use the same policy for all vNICs on your VMs. You are not required to use Policy per vNIC.

You can configure vNICs on the same VM to use:

You cannot disable Policy per vNIC when individual vNICs have active policies applied to them.

Figure 127 shows the Install Settings page that you use to enable vGW Policy per vNIC and define its behavior.

Figure 127: Policy Per vNIC

To enable Policy per vNIC:

  1. In the Settings module vGW Application Settings section, select Install Settings.
  2. To enable the feature globally, in the Policy Per vNIC pane, select the Enable policy at the vNIC level check box.
  3. Optionally, select the Enable opt-out of firewalling per vNIC check box if you want to secure some vNICs but not others on the same VM. See Configuring Policy per vNIC to Secure Only Some of a VM’s vNICs.

    When new interfaces are added to a VM that includes vNICs that are not secured, the new vNICs are automatically secured. If you want them not to be secured, you must manually unsecure them. The following procedure explains how to remove security from a vNIC.

    If you disconnect a vNIC from a port group, that is, unselect it, the vNIC becomes unsecured. A warning message on the Installer dialog shows the state of the vNICs.

Caution: If you select “Enable opt-out of firewalling per vNIC” on the Policy Per vNIC pane, vNICs cannot be secured individually if they belong to the same port group.

This procedure explains how to remove a security policy from a vNIC, that is, unsecure it. To unsecure a vNIC:

  1. Select the vGW Security Design VM Settings module.
  2. In the vGW Application Settings section, select Installation.
  3. Before you unsecure the vNIC, delete any policies applied to it.
  4. In the Secured Network pane, select the vNIC that you want to leave unsecured, and click the Unsecure arrow.

    The vGW Security Design VM presents a message that asks you whether you want to unsecure the vNIC or the entire VM.

If you add a new vNIC to a VM that contains vNICs that are not secured, the new vNIC is automatically secured. If you want to unsecure it, you must do it manually as explained previously.

You use the Firewall module pages to create and apply policies for vNICs that belong to a VM with multiple vNICs and for which you use the Policy per vNIC feature. Figure 128 shows the Firewall module Apply Policy page for the IT-WWW-DEV VM with multiple vNICs. To apply the policies, you must select the Install check box and click Install (Install All).

For details on how to define individual policies for vNICs, see Configuring and Displaying vGW Policies for Individual vNICs on the Same VM.

Figure 128: Applying Policy to Individual vNICs
