Manual 18119181

CONTENTS

Preface
Audience
Document Organization
Document Conventions
Related Documentation
Cisco Virtual Security Gateway Documentation
Cisco Virtual Network Management Center Documentation
Cisco Nexus 1000V Series Switch Documentation
Obtaining Documentation and Submitting a Service Request

CHAPTER 1 Cisco Virtual Security Gateway Overview
Information About the Cisco Virtual Security Gateway
Overview
Product Architecture
Trusted Multitenant Access
Dynamic (Virtualization-Aware) Operation
Cisco Virtual Security Gateway Configuration for the Network
Setting Up Cisco VSGs and VLANs
Cisco VSG Configuration Overview
Cisco Nexus 1000V Series Switch VSM
Port Profile
Virtual Security Gateway
Security Profile
Firewall Policy
Service Firewall Logging
Sequence in Configuring a Cisco VSG

CHAPTER 2 Cisco Virtual Security Gateway Command-Line Interface
Information About the CLI Prompt
Command Modes
Information About Command Modes
EXEC Command Mode
Global Configuration Command Mode
Cisco Virtual Security Gateway for Nexus 1000V Series Switch Firewall Policy Configuration Guide, Release 4.2(1)VSG1(1)
OL-23427-01
Exiting a Configuration Mode
Command Mode Summary
Saving CLI Configuration Changes
Running Configuration
Startup Configuration
Copying the Running Configuration to the Startup Configuration
Special Characters
Keystroke Shortcuts
Abbreviating Commands
Using the no Form of a Command
Using Help

CHAPTER 3 Configuring the Cisco Virtual Security Gateway Port Profile on the Cisco Nexus 1000V Series Switch
Configuring the Cisco VSG Port Profile on the Cisco Nexus 1000V Series Switch VSM for Protection from Service Loss
Verifying the Cisco VSG Configuration
Where to Go Next

CHAPTER 4 Cisco Virtual Security Gateway System Management
Information About VSG System Management
Changing the Cisco VSG Instance Name
Configuring a Message of the Day
Verifying the Configuration
Verifying the Software and Hardware Versions
Verifying the Running Configuration
Comparing the Startup and Running Configurations
Displaying Interface Configurations
Displaying a Brief View of a Specific Interface Configuration
Displaying a Detailed View of a Specific Interface Configuration
Displaying a Brief View of All Interfaces
Verifying the Running Configuration for All Interfaces
Saving a Configuration
Erasing a Configuration
Displaying a Cisco VSG Instance
Navigating the File System
Specifying File Systems
Identifying Your Current Working Directory
Changing Your Directory
Listing the Files in a File System
Identifying Available File Systems for Copying Files
Using Tab Completion
Copying and Backing Up Files
Creating a Directory
Removing an Existing Directory
Moving Files
Deleting Files or Directories
Compressing Files
Uncompressing Files
Directing Command Output to a File
Verifying a Configuration File Before Loading
Reverting to a Previous Configuration
Displaying Files
Displaying File Contents
Displaying Directory Contents
Displaying File Checksums
Displaying the Last Lines in a File
Displaying the Current User Access
Sending a Message to Users

CHAPTER 5 Cisco Virtual Security Gateway High Availability
Information About High Availability
Redundancy
Isolation of Processes
Cisco VSG Failover
System-Control Services
System Manager
Persistent Storage Service
Message and Transaction Service
HA Policies
Cisco VSG HA Pairs
Cisco VSG Roles
HA Pair States
Cisco VSG HA Pair Synchronization
Cisco VSG HA Pair Failover
Failover Characteristics
Automatic Failover
Manual Failover
Cisco VSG HA Guidelines and Limitations
Changing the Cisco VSG Role
Configuring a Failover
Guidelines and Limitations
Verifying that a Cisco VSG Pair is Ready for a Failover
Manually Switching the Active Cisco VSG to Standby
Assigning IDs to HA Pairs
Pairing a Second Cisco VSG with an Active Cisco VSG
Changing the Standalone Cisco VSG to a Primary Cisco VSG
Verifying the Change to a Cisco VSG HA Pair
Replacing the Standby Cisco VSG in an HA Pair
Replacing the Active Cisco VSG in an HA Pair
Verifying HA Status

CHAPTER 6 Cisco Virtual Security Gateway Firewall Profiles and Policy Objects
Information About Cisco VSG Firewall Policy Objects
Cisco VSG Prerequisites, Guidelines, and Limitations
Default Settings
Cisco VSG Firewall Policy Objects
Zones
Object Groups
Rules
Policies
Cisco Virtual Security Gateway Attributes
Information About Attribute Name Notations
Attribute Classes
Security Profiles
Viewing Security Profiles and Policies on the Cisco VNMC and the Cisco VSG
Service Firewall Logging
Verifying the Cisco VSG Configuration
Configuration Limits

INDEX