Setting Up vGW Series

After you download and integrate vGW Series with the VMware environment and power on the vGW Security Design VM, you can configure its basic system parameters. This topic explains how to connect to the vGW Series Security Design VM to configure basic settings. It describes how to use the vGW Series wizard to configure those settings initially.

Determining the vGW Security Design VM’s Default IP Address

To access the vGW Security Design VM, you enter its IP address in a supported Web browser.

When you powered on the vGW Security Design VM during vGW Series integration with VMware, which is described in Using the OVA Bundled Method to Integrate vGW Series with the VMware Infrastructure, it acquired an IP address that you can view on the vCenter Summary page.

By default, the vGW Security Design VM is configured to use IPv4 DHCP to acquire its address. If problems occur and it cannot obtain an IP address in this manner, it tries other methods. In order, these are the three methods that the vGW Security Design VM uses in an attempt to obtain an IP address:

To view the IP address bound to the vGW Security Design VM:

  1. Launch the VMware vSphere Client, and select the vGW Security Design VM icon on the left navigation pane.
  2. Select the Summary tab.

    The IP address that was acquired appears in the IP Addresses: field. See Figure 21.

    Figure 21: Viewing the vGW Security Design VM IP Address in VMware

After you have obtained the IP address, follow the instructions in Connecting to the vGW Security Design VM and Configuring Basic Settings to configure the basic settings.

Changing or Setting the IP Address for the vGW Security Design VM

You can use the vGW Series command-line interface (CLI) to set the IP address for the vGW Security Design VM.

To use the vGW Series CLI from the vCenter console:

  1. Launch the VMware vSphere Client.
  2. Right-click the vGW Security Design VM icon on the left navigation panel to display a list of options.
  3. Select the third option on the list, Open Console. Alternatively, you can select the Console tab, as shown in Figure 22.

    The console window appears.

    Figure 22: vGW Security Design VM IP Addresses on the vGW Series CLI Console
  4. At the CLI prompt, enter config network. In this mode you can configure the IP address for the vGW Security Design VM. You can specify an IP address for either IP protocol family. See Figure 23.

    Figure 23: Configuring an IP Address for the vGW Security Design VM
  5. In response to the prompt What type of IP address do you want to set? enter the number preceding the type of IP address that you want to be assigned to the vGW Security Design VM and how it is to be acquired.

    For example, the administrator might enter 4 for 4) ipv6 autoconfiguration.

  6. The vGW CLI gives you the opportunity to cancel by presenting the prompt Are you sure?. If you enter y for y(es), vGW Series shuts down the interface and brings it back up with the new IP address.

Connecting to the vGW Security Design VM and Configuring Basic Settings

This section explains how to set up the vGW Security Design VM initially.

  1. Using a supported Web browser, connect to the vGW Security Design VM management interface through HTTPS. Enter the IP address of the vGW Security Design VM in the Web browser.

    This is the IP address that was assigned when you powered on the vGW Security Design VM.

    vGW Series supports the following Web browsers:

    • Microsoft Internet Explorer 7, 8, and 9
    • Mozilla Firefox 3 or later
  2. Enter admin for both the username and password. See Figure 24.

    Figure 24: Logging In to the vGW Security Design VM
  3. Read the information message, and review the process overview shown in the Wizard Progress pane. See Figure 25.

    Figure 25: vGW Series Installation Wizard Overview
  4. Change the default vGW global administrator account password—admin—that you used to log in.

    You must change the default password. See Figure 26. Store the new password in a secure location. It is difficult to recover a lost or forgotten global administrator account password. If you wish, you can change the password that you specify here later, but to do so you must enter your current password, which would be the one that you configured here.

    Tip: You can integrate administration accounts with the vGW Security Design VM after the installation is completed. For information on how to do that later, see Adding New vGW Series Administrator Definitions, Permissions, and Authentication Using the Settings Module.

    Figure 26: Changing the Default Password
  5. Configure networking parameters for the vGW Security Design VM.

    Note: If you changed the IP address, you must log in to the system again. Changes to the IP address take effect immediately.

    Set the correct destination network for the vGW Security Design VM and leave the VMsafe Network unchanged. At this point you can configure other network information for the vGW Security Design VM, such as whether to use dual stack for it and how it obtains its management interface addresses.

    A dual-stack device can connect to an IPv4-only device or an IPv6-only device, or it can connect to another device that implements dual stack.

    For its management interface addressing mode, either accept the default dual stack values of DHCP for IPv4 and DHCPv6 for IPv6 or change the values by selecting:

    • IPv4
      • DHCP (Default): To obtain an IPv4 address, by default the vGW Security Design VM is configured to use DHCP. You do not need to specify additional information.
      • Static IP. If you select Static IP, you must specify a static IPv4 address and its network mask routing prefix, and the default gateway to assign to the vGW Security Design VM.
    • IPv6
      • DHCPv6 (Default): To obtain an IPv6 address, by default the vGW Security Design VM is configured to use DHCPv6. You do not need to specify additional information.
      • Autoconfiguration. If you select Autoconfiguration, stateless address autoconfiguration is used to obtain the IPv6 address. It allows network devices attached to an IPv6 network to automatically acquire IP addresses and connect to the Internet without intermediate interaction with a DHCPv6 server.
      • Static IP. If you select Static IP, you must specify a static IPv6 address, including the IPv6 address prefix (the initial bits of the address that denote the network address, akin to a netmask), and the default gateway to use for it.

    Note: By default, a dual stack vGW Security Design VM communicates with a vGW Security VM using the IPv4 protocol. However, you can use the vGW CLI to change the default IP protocol used by setting the center.dual.stack.default.communication.ipv4 parameter to false.

    center.dual.stack.default.communication.ipv4=false

    By default, this parameter is set to true.

    This parameter is relevant only if the vGW Security Design VM is configured for dual stack and one or more vGW Security VMs is also configured for dual stack. In all other cases, the protocol used is the one that is common to both the vGW Security Design VM and the vGW Security VM, and this parameter is irrelevant.

    If you do not want the vGW Security Design VM to be configured for dual stack, which is its default configuration, you can change the configuration in the following way:

    • To use only IPv4 for vGW Security Design VM management communication with its vGW Security VMs, disable IPv6. On the displayed list for the IPv6: box, select Disabled.
    • To use only IPv6 for vGW Security Design VM management communication with its vGW Security VMs, disable IPv4. On the displayed list for the IPv4: box, select Disabled.

    How you configure addressing for the vGW Security Design VM management center affects its communication with its vGW Security VMs in the following way:

    • In an environment in which both the vGW Security Design VM and the vGW Security VM are configured for dual stack, communication problems between the vGW Security Design VM management interface and that of the vGW Security VMs should not occur.
    • In an environment in which the vGW Security Design VM is configured for dual stack but one or more of the vGW Security VMs is not, communication problems between their management interfaces should not occur.
    • In an environment in which the vGW Security Design VM is not configured for dual stack but all of the vGW Security VMs are, communication problems between their management interfaces should not occur.
    • In an environment in which neither the vGW Security Design VM nor one or more of the vGW Security VMs is configured for dual stack, communication problems will occur whenever the IP address types of their management interfaces differ, that is, when one belongs to the IPv6 protocol family and the other to the IPv4 protocol family. In that case, the vGW Security Design VM cannot connect to the vGW Security VM to carry out any procedures.

    You can make these changes during the installation process, as shown in Figure 27, or you can make them later, after you complete the initial configuration.

    Figure 27: Configuring Network Settings for the vGW Security Design VM

    In the latter case, you use the Settings module Appliance Settings > Network Settings page, which is the same page shown in Figure 27 but is reached by a different path. For additional details, see Configuring the vGW Series Network Settings.

  6. Set the system time.

    Set the correct time zone, and then specify the NTP servers for your environment. See Figure 28.

    vGW Series components require that the correct system time be set on all ESX/ESXi hosts.

    • If you do not have an NTP server, you can use a predefined server.
    • If you do not have outbound Internet access to contact the NTP servers and you do not have an internal NTP server, then you must clear all entries shown in this window and set the time manually.

      To do this, you use the vGW Series CLI that you run from the vCenter console.

      Figure 28: Configuring the Time Server

    At this point, the wizard determines if the database disk was created and initialized properly. If you have not defined the database disk properly, the wizard displays a message.

    Next, the wizard prompts you for license information, as shown in Figure 29.

    Figure 29: Configuring vGW Series Product Licensing

    If you are using a 30-day evaluation license, you can continue to use vGW Series in that mode. Alternatively, you can enter one or more permanent licenses or specify a long-term evaluation license. To enter a permanent or extended evaluation license, click Enter Permanent or long term evaluation License(s) and enter the license information. See Figure 30.

    Figure 30: Configuring Permanent Licenses
  7. Select the management domain, or scope, for this vGW Security Design VM to manage, and verify that the vGW Security Design VM can establish a connection to vCenter. Then click Next Step.

    For the vGW Series to query the vCenter for the VM inventory and other operations, you must have an account with read/write access.

    • If the connection works properly, a message appears stating that the login was successful, and it identifies the number of ESX/ESXi hosts and VMs that were discovered.
    • If there is a connection issue, you are notified. In that case, ensure that you have the correct credentials and that IP connectivity to the vCenter exists.

    In some cases, you may need to insert another vNIC into the vGW Security Design VM. You must connect that vNIC to the network that connects to the vCenter server.

    To configure a management domain:

    • If this vGW Security Design VM will manage all of the vCenter’s resources, select Entire vCenter.
    • If this vGW Security Design VM will participate in a Split-Center configuration, select the data centers or the host clusters for this vGW Security Design VM to manage. To select host clusters, first select the data center that the host clusters belong to.

      For information on Split-Center and its configuration options, see Understanding the vGW Series Split-Center Feature.

    Figure 31 shows that this vGW Security Design VM is configured to manage two host clusters in Datacenter-B.

    Figure 31: Configuring the vGW Security Design VM vCenter Settings
  8. (Optional) Configure the e-mail server to use to send reports.

    Using this option, you can configure vGW Series to send reports on system activity through e-mail. Additionally, you can configure basic information used in the report, such as the subject and the content of standard report e-mail. After you configure these parameters, you can test the e-mail connection.

    You can also use the Settings module vGW Application Settings > E-Mail and Reporting page to configure this information after the installation is completed.

  9. Define a template to use to instantiate vGW Security VMs on ESX/ESXi hosts to secure them.

    If you have not downloaded the vGW Security VM and converted it to a template, do so now. You can define how the vGW Series responds when a VM tries to connect to an ESX/ESXi host on which the kernel module cannot be loaded or is not present.

    You can define whether monitoring is used. Unless you plan to deploy the product in monitor mode, leave the Monitoring-only option for VMsafe unchecked. Also, unless you want to drop network traffic to VMs when the vGW Series fails to load, you should leave the default option of Allow All traffic selected. You can change this option later if you want to change the behavior for one or more VMs.

  10. Click Done to complete the vGW Security Design VM setup.

    The vGW Security Design VM appears. You use this module to deploy vGW Security VMs to the ESX/ESXi hosts to be secured, to configure other vGW Series features, and to view specific and summary results information and reports.
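
The dual-stack rules in step 5 can be checked before you disable a protocol family on the vGW Security Design VM. The following is an added example, not vGW Series code: it models those rules and reports which vGW Security VMs would have no common family with the Design VM. The inventory names, the set-based representation, and reading the parameter from key=value text are assumptions made for illustration.

```python
# Added example (not vendor code): models the step 5 dual-stack rules.
PARAM = "center.dual.stack.default.communication.ipv4"
FAMILIES = {"ipv4", "ipv6"}

def prefer_ipv4(settings_text):
    """Read PARAM from key=value text (assumed format).

    The page states the parameter defaults to true, so anything other
    than an explicit 'false' keeps IPv4 as the dual-stack default.
    """
    for line in settings_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == PARAM:
            return value.strip().lower() != "false"
    return True

def management_protocol(design, security, ipv4_default=True):
    """Return 'ipv4', 'ipv6', or None when the two ends share no family."""
    design, security = set(design), set(security)
    if not design or not security or (design | security) - FAMILIES:
        raise ValueError("families must be a non-empty subset of ipv4/ipv6")
    common = design & security
    if common == FAMILIES:
        # Both ends are dual stack: the only case where PARAM matters.
        return "ipv4" if ipv4_default else "ipv6"
    # Otherwise the single shared family is used, or nothing is shared.
    return next(iter(common)) if common else None

def preflight(design, inventory, settings_text=""):
    """Map each Security VM name to its protocol; None means unreachable."""
    default = prefer_ipv4(settings_text)
    return {name: management_protocol(design, families, default)
            for name, families in inventory.items()}

# Constructed sample inventory (hypothetical VM names).
SAMPLE_INVENTORY = {
    "svm-esx01": {"ipv4", "ipv6"},
    "svm-esx02": {"ipv4"},
    "svm-esx03": {"ipv6"},
}

if __name__ == "__main__":
    for design in ({"ipv4", "ipv6"}, {"ipv4"}):
        result = preflight(design, SAMPLE_INVENTORY, PARAM + "=false")
        for name, proto in sorted(result.items()):
            print(sorted(design), name, proto or "NO COMMON FAMILY")
```

With the sample inventory, disabling IPv6 on the Design VM leaves svm-esx03 unreachable, which is the failure case described in the last bullet of step 5.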
