Configuring the vGW Series Network Settings

This topic covers the Settings module Appliance Settings > Network Settings > Network Configuration page that allows you to change the name of the vGW Security Design VM, the default DNS settings, and the IPv4 or IPv6 default address parameters that are set during installation. It explains how to configure the vGW Security Design VM not to use dual stack.

The Network Configuration Page

The vGW Security Design VM uses its Interface 1 virtual NIC (vNIC) for management communication with vGW Security VMs. This interface must be reachable by the management vNICs of all vGW Security VMs. By default, the vGW Security Design VM’s Interface 1 is configured for dual stack with DHCP configured to acquire its IPv4 address and DHCPv6 configured to acquire its IPv6 address. Figure 148 shows the Network Configuration page that you can use to change these values.

Figure 148: Network Configuration Settings

Network Configuration Settings

You can change the default configuration in these ways:

Warning: Do not change the Network Settings during any configuration that involves vGW Security Design VM interaction with VMware vCenter. This includes installing, un-installing, or updating the vGW Security Design VM or a firewall (vGW Security VM).

Changing the Host Name and DNS Settings

You can change the name of the vGW Security Design VM and the default DNS settings using the following sections and their fields on the Network Configuration page.

Configuring Addresses for the vGW Security Design VM Interface for Communication With vGW Security VMs

By default, the vGW Security Design VM’s Interface 1 is configured for dual stack support with DHCP configured to acquire its IPv4 address and DHCPv6 configured to acquire its IPv6 address.

This section covers how to change the default IP address parameters configured for Interface 1.

Changing the Way vGW Security Design VM Acquires Its Interface 1 IP Addresses

Select how you want vGW Security Design VM to acquire its IPv4 and IPv6 addresses from the lists associated with the following fields:

Note: By default, a dual stack vGW Security Design VM communicates with a vGW Security VM using the IPv4 protocol. However, you can use the vGW CLI to change the default IP protocol used by setting the center.dual.stack.default.communication.ipv4 parameter to false.

center.dual.stack.default.communication.ipv4=false

By default, this parameter is set to true.

This parameter is relevant only if the vGW Security Design VM is configured for dual stack and one or more vGW Security VMs is also configured for dual stack. In all other cases, the protocol used is the one that is common to both the vGW Security Design VM and the vGW Security VM, and this parameter is irrelevant.

Configuring the vGW Security Design VM Not to Use Dual Stack

By default, the vGW Security Design VM is configured for dual stack so that it can communicate with vGW Security VMs that have either IPv4 or IPv6 addresses. You can change the configuration causing it to use either IPv4 addressing or IPv6 addressing alone for communication with vGW Security VMs.

Use the following fields in the Network Configuration Interface 1 pane to cause the vGW Security VM to use a single IP address:

In an environment in which the vGW Security Design VM is configured for dual stack communication between the vGW Security Design VM and vGW Security VMs, problems should not exist. Some vGW Security VMs might have IPv4 addresses while others have IPv6 addresses. The environment might also include a standby, or secondary, vGW Security Design VM used for high availability with either type of IP address and that, too, would pose no problems with a dual stack vGW Security Design VM. The vGW Security Design VM can communicate using either protocol.

In environments in which vGW Security VMs and the vGW Security Design VM standby device are configured for dual stack and the primary vGW Security Design VM is not, communication problems should also not exist. Regardless of the type of IP address bound to the vGW Security Design VM’s management interface, it would be able to communicate with the management interface of the vGW Security VM or the standby device using their IP address of the same protocol family type.

However, problems will occur if you change the dual stack configuration for the vGW Security Design VM so that it has only one IP address assigned to its Interface 1 vNIC and the management interfaces of the vGW Security VMs and the standby vGW Security VM are configured with only one IP address whose type differs from that of the vGW Security Design VM. For example, if you change the configuration so that the vGW Security Design VM’s Interface 1 has only an IPv6 assigned to it, communication problems with any vGW Security VMs with IPv4 addresses will occur. That holds true for the standby vGW Security Design VM also, if one was configured and it had an IPv4 address bound to it. It also holds true for a secondary vGW Security VM, if one was configured with a single IP address that differed in type from the single IP address configured for the management interface of the vGW Security Design VM with which it was intended to communicate.

In circumstances where the IP address types differ, vGW Series presents the following error messages:

Related Documentation