Decide the following information to design the network environment of the L-Platform where NS Appliances will be used.
Public IP address, VLAN ID
There are the following two types of public IP addresses:
The IP address of the interface set by the Automatic Configuration Function
In the example network configuration shown below,"20", "30", and "40" are used for the VLAN IDs.
The IP address of the interface that requires pre-configuration
In the example of network configuration shown below, "10" is used for the VLAN ID for internet connection and "15" is used for the intranet connection (using automatic configuration using simple configuration mode).
Public LAN routing information (routing information)
Mode for auto-configuration of NS Appliances
The following two modes can be used for auto-configuration of NS appliances.
User customization mode
Simple configuration mode
When performing auto-configuration of NS Appliances, it is recommended to use simple configuration mode. To use configurations like those below that are not supported by simple configuration mode, or when you want to use unused functions or perform detailed tuning of setting parameters, it is recommended to use user customization mode.
Network Configuration
Auto-configuration of configurations that use the high availability function (redundancy function) of NS Appliances
Firewalls
Detailed tuning of the detection parameters of the anomaly-based IPS function
Detailed settings of the filter conditions of the access control function
Server Load Balancers
Use of the web acceleration function
Failure monitoring of servers using HTTP application monitoring
Detailed customization of cipher suites of the SSL accelerator function
See
For details on the auto-configuration function, refer to "2.2.7.4 Network Device Automatic Configuration" in the "Design Guide CE".
For details on the logical network configuration which enables simple configuration mode and the configuration information, refer to "Appendix I Auto-configuration and Operations of Network Devices Using Simple Configuration Mode" in the "Design Guide CE".
NS Appliance type (firewall or integrated network device)
If there is a possibility the server load balancer function will be used when scaling out an L-Server on an L-Platform, ensure the NS Appliance is designed as an integrated network device.
Maximum Number of L-Platforms when Deploying Multiple L-Platforms in a Single NS Appliance
When using simple configuration mode during automatic network device configuration, define "1", "5", or "9" as the maximum number of L-Platforms to be deployed in one NS Appliance.
The value defined here determines the maximum number of rules that can be configured for the L-Platforms to be deployed.
For details of the maximum number of L-Platforms and the number of rules which can be configured, refer to "I.2.2 Usage Conditions for Standard Model Configuration" in the "Design Guide CE".
For public networks that require auto-configuration or pre-configuration, decide the public LAN IP address, VLAN ID, and routing information.
The L-Platform network environment when performing auto-configuration using user customization mode is explained below.
Figure 2.4 Scope Configured by the Auto-configuration Function when Performing Auto-configuration Using User Customization Mode
Figure 2.5 Example Network Configuration of Blade Servers when Performing Auto-configuration Using User Customization Mode
Figure 2.6 Example Network Configuration of Rack Mount Servers when Performing Auto-configuration Using User Customization Mode
Information
The settings for internal connection ports of LAN switch blades, which are the network items to be protected by the security function of NS Appliance, need to be manually configured.
When creating an L-Platform using an L-Platform template, deployment of L-Servers triggers performance of the following network configuration:
Creation of Virtual NICs
Creation of Virtual Switches
VLAN Settings for LAN Switch Blades
For details, refer to "4.1.2 Configuring Settings for LAN Switch Blades" and "4.1.3 Configuring Settings for L2 Switches".
For public networks that require auto-configuration or pre-configuration, decide the public LAN IP address, VLAN ID, and routing information.
The L-Platform network environment when performing auto-configuration using simple configuration mode is explained below.
For details on the network configuration and the information for design, refer to "Appendix I Auto-configuration and Operations of Network Devices Using Simple Configuration Mode" in the "Design Guide CE".
Figure 2.7 Scope Configured by the Auto-configuration Function when Performing Auto-configuration Using Simple Configuration Mode
Figure 2.8 Example Network Configuration of Blade Servers when Performing Auto-configuration Using Simple Configuration Mode
Figure 2.9 Example Network Configuration of Rack Mount Servers when Performing Auto-configuration Using Simple Configuration Mode
Information
The settings for internal connection ports of LAN switch blades, which are the network items to be protected by the security function of NS Appliance, need to be manually configured.
When creating an L-Platform using an L-Platform template, deployment of L-Servers triggers performance of the following network configuration:
Creation of Virtual NICs
Creation of Virtual Switches
VLAN Settings for LAN Switch Blades
For details, refer to "4.1.2 Configuring Settings for LAN Switch Blades" and "4.1.3 Configuring Settings for L2 Switches".
