Configuring the vGW Series Network Settings

This topic covers the Settings module Appliance Settings > Network Settings > Network Configuration page that allows you to change the name of the vGW Security Design VM, the default DNS settings, and the IPv4 or IPv6 default address parameters that are set during installation. It explains how to configure the vGW Security Design VM not to use dual stack.

• The Network Configuration Page
• Changing the Host Name and DNS Settings
• Configuring Addresses for the vGW Security Design VM Interface for Communication With vGW Security VMs

The Network Configuration Page

The vGW Security Design VM uses its Interface 1 virtual NIC (vNIC) for management communication with vGW Security VMs. This interface must be reachable by the management vNICs of all vGW Security VMs. By default, the vGW Security Design VM’s Interface 1 is configured for dual stack with DHCP configured to acquire its IPv4 address and DHCPv6 configured to acquire its IPv6 address. Figure 148 shows the Network Configuration page that you can use to change these values.

Figure 148: Network Configuration Settings

• You can change the vGW Security Design VM and how it gains access to a DNS server.
• You can change the way that the vGW Security Design VM acquires its IPv4 and IPv6 addresses.
• You can configure the vGW Security Design VM not to use dual stack.

Warning: Do not change the Network Settings during any configuration that involves vGW Security Design VM interaction with VMware vCenter. This includes installing, un-installing, or updating the vGW Security Design VM or a firewall (vGW Security VM).

Changing the Host Name and DNS Settings

You can change the name of the vGW Security Design VM and the default DNS settings using the following sections and their fields on the Network Configuration page.

• Host Name: This field allows you to change the name of the vGW Security Design VM management center, Security_Design_vGW, that was set by default during installation.
• DNS Settings: You can configure the vGW Security Design VM to use either of the following methods to the obtain IP address of the Domain Name System (DNS) server to be used:
  • Use DHCP to Get DNS: If you want to use Dynamic Host Configuration Protocol (DHCP) to get the IP address of a DNS server dynamically select this option.

    By default, the vGW Security Design VM is configured to use this method.

  • Primary DNS Server: To use a particular DNS server, de-select Use DHCP to Get DNS. Then specify the IP address of the primary DNS server, and optionally, a secondary one.
  • Search Domain: You can specify a search domain to use for resolving system names and addresses within vGW Security Design VM reports. To specify more than one search domain, use spaces to separate the domain specifications.

Configuring Addresses for the vGW Security Design VM Interface for Communication With vGW Security VMs

By default, the vGW Security Design VM’s Interface 1 is configured for dual stack support with DHCP configured to acquire its IPv4 address and DHCPv6 configured to acquire its IPv6 address.

This section covers how to change the default IP address parameters configured for Interface 1.

• Changing the Way vGW Security Design VM Acquires Its Interface 1 IP Addresses
• Configuring the vGW Security Design VM Not to Use Dual Stack

Changing the Way vGW Security Design VM Acquires Its Interface 1 IP Addresses

Select how you want vGW Security Design VM to acquire its IPv4 and IPv6 addresses from the lists associated with the following fields:

• IPv4:

  For IPv4, from the displayed list, select the method to use to assign an IPv4 address to Interface 1:

  • DHCP

    Use a DHCP server to assign dynamically an IPv4 address to Interface 1. This is the default method.

  • Static IP

    Specify a static IP address and its network mask routing prefix, and the default gateway to assign to Interface 1.

• IPv6:

  For IPv6, from the displayed list, select the method to use to assign an IPv6 address to Interface 1:

  • DHCPv6

    Use a DHCPv6 server to obtain the IPv6 address for Interface 1. This is the default method.

    Dynamic Host Configuration Protocol for IPv6 (DHCPv6) offers the capability of automatic allocation of reusable network addresses and additional configuration flexibility. This protocol is a stateful counterpart to IPv6 stateless address autoconfiguration.

  • Autoconfiguration

    Use stateless address autoconfiguration to obtain the IPv6 address for Interface 1. IPv6 stateless address autoconfiguration allows network devices attached to an IPv6 network to automatically acquire IP addresses and connect to the Internet without intermediate interaction with a DHCPv6 server.

    Refer to RFC 2462, IPv6 Stateless Address Autoconfiguration for details.

  • Static IP

    Specify a static IP address for Interface 1 including the IPv6 address prefix (the initial bits of the address that denote the network address, akin to a netmask) and the default gateway to use for it.

Note: By default, a dual stack vGW Security Design VM communicates with a vGW Security VM using the IPv4 protocol. However, you can use the vGW CLI to change the default IP protocol used by setting the center.dual.stack.default.communication.ipv4 parameter to false. center.dual.stack.default.communication.ipv4=false By default, this parameter is set to true. This parameter is relevant only if the vGW Security Design VM is configured for dual stack and one or more vGW Security VMs is also configured for dual stack. In all other cases, the protocol used is the one that is common to both the vGW Security Design VM and the vGW Security VM, and this parameter is irrelevant.

Configuring the vGW Security Design VM Not to Use Dual Stack

By default, the vGW Security Design VM is configured for dual stack so that it can communicate with vGW Security VMs that have either IPv4 or IPv6 addresses. You can change the configuration causing it to use either IPv4 addressing or IPv6 addressing alone for communication with vGW Security VMs.

• To use only IPv4 for vGW Security Design VM management communication with its vGW Security VMs, disable IPv6. On the displayed list for the IPv6: box, select Disabled.
• To use only IPv6 for vGW Security Design VM management communication with vGW Security VMs, disable IPv4. On the displayed list for the IPv4: box, select Disabled.

In an environment in which the vGW Security Design VM is configured for dual stack communication between the vGW Security Design VM and vGW Security VMs, problems should not exist. Some vGW Security VMs might have IPv4 addresses while others have IPv6 addresses. The environment might also include a standby, or secondary, vGW Security Design VM used for high availability with either type of IP address and that, too, would pose no problems with a dual stack vGW Security Design VM. The vGW Security Design VM can communicate using either protocol.

In environments in which vGW Security VMs and the vGW Security Design VM standby device are configured for dual stack and the primary vGW Security Design VM is not, communication problems should also not exist. Regardless of the type of IP address bound to the vGW Security Design VM’s management interface, it would be able to communicate with the management interface of the vGW Security VM or the standby device using their IP address of the same protocol family type.

However, problems will occur if you change the dual stack configuration for the vGW Security Design VM so that it has only one IP address assigned to its Interface 1 vNIC and the management interfaces of the vGW Security VMs and the standby vGW Security VM are configured with only one IP address whose type differs from that of the vGW Security Design VM. For example, if you change the configuration so that the vGW Security Design VM’s Interface 1 has only an IPv6 assigned to it, communication problems with any vGW Security VMs with IPv4 addresses will occur. That holds true for the standby vGW Security Design VM also, if one was configured and it had an IPv4 address bound to it. It also holds true for a secondary vGW Security VM, if one was configured with a single IP address that differed in type from the single IP address configured for the management interface of the vGW Security Design VM with which it was intended to communicate.

• When your environment includes a vGW Security VM–called SVM1 for example–that has only an IPv6 address bound to it, if you attempt to change the vGW Security Design VM from dual stack to single with only an IPv4 address bound to it, vGW Series displays the following message:

  “The interface for management communications must have an IPv6 configuration, because Security VM SVM1 has only IPv6 interface."

• When your environment includes a vGW Security VM–called SVM2 for example–that has only an IPv4 address bound to it, if you attempt to change the vGW Security Design VM from dual stack to single with only an IPv6 address bound to it, vGW Series displays the following message:

  "The interface for management communications must have an IPv4 configuration, because Security VM SVM2 has only IPv4 interface."

• When your environment has a standby vGW Security Design VM that has only an IPv6 address bound to it, if you attempt to change the vGW Security Design VM from dual stack to single to single with only an IPv4 address bound to it, vGW Series displays the following message:

  "The interface for management communications must have an IPv6 configuration, because there is a Standby Appliance with IPv6 interface.”

Related Documentation

• Understanding vGW Series IPv4 and IPv6 Dual Stack Support
• Understanding IPv6 Addressing
• Understanding vGW Series IPv6 Support
• Understanding the vGW Security Design VM