Configuring Global Settings Using the vGW Series Settings Module (VMware)

This topic covers vGW Series Global settings. This topic includes the following sections:

vGW Series Global Settings Overview

The Settings module Security Settings > Global page allows you to identify the external inspection devices to send traffic to for further analysis, a Syslog server to use for external logging, global rules, and NetFlow configuration information that identifies where to send connection flow data. It also allows you to specify whether to allow or drop certain types of traffic, such as non-IP traffic.

Global settings that you configure apply to all vGW Security VMs unless you configure different information for a particular vGW Security VM. For details on using the Settings > Security Settings > Security VM Settings page to override the global configuration for individual vGW Security VMs, see Understanding the vGW Security VM Settings.

Figure 136 shows the Global page.

Figure 136: Global Settings Page

Global Settings Page

Global Settings

The Global settings page contains the following panes:

vGW Series IPv6 Support and Global Settings

vGW Series supports both IPv4 and IPv6 addresses. During a transition period, an environment might include components with a mix of both types of addresses.

Externally configured entities, whether a Syslog server, a NetFlow collector, or an external inspection device, must be routable over IPv4, IPv6 or both types of infrastructures from every configured vGW Security VM to every configured external entity.

It can happen that some vGW Security VMs might be assigned IPv4 addresses while others might be assigned IPv6 addresses. For example:

It might be the case that addresses assigned to Syslog, GRE, or Netflow servers and the vGW Security VMs that need to connect to them to send them data belong to different IP protocol families. For example, syslog-server-1 might be assigned the IPv6 address 0680::0202:b3ff:fe1e:8329 whereas vgw-svm12 might be assigned the IPv4 address

Note: If a server is identified by its DNS name, the vGW Security VMs will connect and send information to the correct, resolved address: vGW Security VMs with IPv4 addresses will send data to the matching A record and vGW Security VMs with IPv6 addresses will send data to the matching AAAA record.

In cases where the IP protocol families differ, the following results occur:

Related Documentation