Documente Academic
Documente Profesional
Documente Cultură
Published: 2014-02-16
ii
Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Part 1
Overview
Chapter 1
Chapter 2
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Specifications for Firefly Perimeter Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Firefly Perimeter Basic Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Installation Requirements for Firefly Perimeter with VMware . . . . . . . . . . . . . . . . 29
Part 2
Installation
Chapter 3
iii
Part 3
Configuration
Chapter 4
Part 4
Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
iv
List of Figures
Part 2
Installation
Chapter 3
Part 3
Configuration
Chapter 4
vi
List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x
Part 1
Overview
Chapter 1
Chapter 2
System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Table 5: Specifications for Firefly Perimeter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Table 6: Hardware Specifications for Host Machine . . . . . . . . . . . . . . . . . . . . . . . . 27
Table 7: Basic Settings for Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Table 8: Basic Settings for Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Table 9: Basic Settings for NAT Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Table 10: Supported Version of VMware hypervisor . . . . . . . . . . . . . . . . . . . . . . . . 29
Part 2
Installation
Chapter 3
Part 3
Configuration
Chapter 4
vii
viii
To obtain the most current version of all Juniper Networks technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Documentation Conventions
Table 1 on page x defines notice icons used in this guide.
ix
Meaning
Description
Informational note
Caution
Warning
Laser warning
Table 2 on page x defines the text and syntax conventions used in this guide.
Description
Examples
[edit]
root@# set system domain-name
domain-name
Description
Examples
| (pipe symbol)
broadcast | multicast
# (pound sign)
[ ] (square brackets)
; (semicolon)
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
GUI Conventions
Bold text like this
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport/. If you are using e-mail, be sure to include
the following information with your comments:
xi
or are covered under warranty, and need post-sales technical support, you can access
our tools and resources online or open a case with JTAC.
JTAC hours of operationThe JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
xii
PART 1
Overview
CHAPTER 1
Related
Documentation
Complementary with the Juniper Networks Firefly Host for inter-VM security
Feature
Address Books and Address Sets:
Address books
Yes
Address sets
Yes
Yes
Yes
Administrator Authentication:
Local authentication
Yes
RADIUS
Yes
TACACS+
Yes
Alarms:
Chassis alarms
Yes
Interface alarms
Yes
System alarms
Yes
DNS ALG
Yes
No
DNS, FTP, RTSP, and TFTP ALGs (Layer 2) with chassis clustering
No
Yes
FTP
Yes
H.323
Yes
Avaya H.323
Yes
IKE
Yes
MGCP
Yes
PPTP
Yes
RSH
Yes
Support on Firefly
Perimeter
RTSP
Yes
SCCP
Yes
SIP
Yes
SIP ALGNEC
Yes
SQL
Yes
MS RPC
Yes
SUN RPC
Yes
TALK
Yes
TFTP
Yes
Yes
Yes
Yes
Yes
Yes
IP address spoof
Yes
IP address sweep
Yes
Yes
IP security option
Yes
IP stream option
Yes
Yes
IP timestamp option
Yes
Yes
Yes
Support on Firefly
Perimeter
Yes
Yes
Port scan
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Autoinstallation:
Autoinstallation
Yes
Class of Service:
Classifiers
Yes
Code-point aliases
Yes
Yes
Forwarding classes
Yes
No
Support on Firefly
Perimeter
Yes
Schedulers
Yes
Simple filters
Yes
Transmission queues
Yes
Tunnels
Yes
Yes
Diagnostics Tools:
CLI terminal
Yes
Yes
No
Ping host
Yes
Ping MPLS
Yes
Traceroute
Yes
No
No
DNS Proxy:
DNS proxy cache
Yes
Yes
Dynamic DNS
No
No
DHCPv4 client
Yes
No
Support on Firefly
Perimeter
Yes
DHCPv6 server
Yes
DHCPv4 server
Yes
Yes
Yes
No
No
No
No
No
No
No
No
No
ethernet-ccc
No
extended-vlan-ccc
No
ethernet-tcc
No
extended-vlan-tcc
No
Interface family:
Support on Firefly
Perimeter
inet
Yes
mpls
Yes
ccc
No
tcc
No
iso
Yes
ethernet-switching
No
inet6
Yes
Static LAG
No
No
Interface family:
ethernet-switching
No
inet
Yes
inet6
Yes
iso
Yes
mpls
Yes
File Management:
Clean up unnecessary files
Yes
Yes
Yes
Yes
Yes
Yes
Rescue
Yes
Support on Firefly
Perimeter
System zeroize
Yes
Monitor start
Yes
Archive files
Yes
Calculate checksum
Yes
Compare files
Yes
Rename files
Yes
Firewall Authentication:
Firewall authentication on Layer 2 transparent authentication
No
Yes
Yes
Pass-through authentication
Yes
Yes
Yes
Web authentication
Yes
Yes
No
Flow-based processing
Yes
No
Packet-based processing
Yes
Yes
Interfaces:
Physical and Virtual Interface:
Ethernet interface
10
Yes
Support on Firefly
Perimeter
Yes
Services:
No
GRE interface
Yes
No
No
No
No
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Loopback interface
Yes
Management interface
Yes
PPP interface
No
No
PPPoE interface
No
11
Support on Firefly
Perimeter
Yes
NOTE: Promiscuous mode
needs to be enabled on
hypervisor.
Yes
IP Monitoring:
IP monitoring with route failover (for standalone devices and
redundant Ethernet interfaces)
Yes
Yes
No
IP Security:
12
No
Yes
Yes
Authentication
Yes
Yes
Autokey management
Yes
Yes
Yes
No
Yes
Yes
Yes
Yes
Yes
Class of service
Yes
Support on Firefly
Perimeter
Yes
Yes
Yes
Yes
Yes
Yes
Diffie-Hellman Group 1
Yes
Diffie-Hellman Group 2
Yes
Diffie-Hellman Group 5
Yes
Yes
Dynamic IP address
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
Yes
No
13
14
Feature
Support on Firefly
Perimeter
Yes
Yes
Yes
Yes
Yes
Yes
Initial contact
Yes
Yes
Yes
IKE Phase 1
Yes
Yes
IKE Phase 2
Yes
Yes
IKE and IPsec predefine proposal sets to work with dynamic VPN
client
No
Yes
IKE support
Yes
IKEv1
Yes
Yes
IKEv2
Yes
Yes
No
Yes
Yes
Support on Firefly
Perimeter
Yes
Yes
Yes
Yes
No
Policy-based VPN
Yes
Yes
Yes
Yes
Remote access
Yes
Yes
Yes
Route-based VPN
Yes
Yes
Soft lifetime
Yes
Static IP address
Yes
Yes
Yes
Yes
No
Yes
Yes
15
Support on Firefly
Perimeter
Yes
Yes
Yes
Yes
XAuth (draft-beaulieu-ike-xauth-03)
Yes
IPv6 Support:
Flow-based forwarding and security features:
Advanced flow
Yes
No
No
Firewall filters
Yes
Yes
Multicast flow
Yes
Screens
Yes
Yes
No
No
Zones
Yes
Yes
Yes
Yes
16
Support on Firefly
Perimeter
IPv6 NAT64
Yes
IPv6related protocols:
Yes
Yes
System services:
Yes
Class of service
Yes
Firewall filters
Yes
Yes
Chassis cluster
Active-active
Yes
Active-passive
Yes
Multicast flow
Yes
IPv6 IP Security:
4in4 and 6in6 policy-based site-to-site VPN, AutoKey IKEv1
No
No
No
No
No
Yes
Syslog (syslog)
Yes
17
Support on Firefly
Perimeter
No
Yes
Yes
Syslog (syslog)
Yes
Yes
MPLS:
CCC and TCC
No
CLNS
Yes
Yes
Yes
NOTE: Promiscuous mode
needs to be enabled on
hypervisor.
Yes
LDP
Yes
Yes
Multicast VPNs
Yes
Yes
P2MP LSPs
Yes
RSVP
Yes
Yes
Yes
Multicast:
Filtering PIM register messages
18
Yes
Support on Firefly
Perimeter
IGMP
Yes
Yes
Primary routing mode (dense mode for LAN and sparse mode for
WAN)
Yes
Yes
Yes
SDP
Yes
Multicast VPN:
Basic multicast features in C-instance
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Persistent NAT
Yes
Yes
Yes
No
Pool translation
Yes
Yes
19
Support on Firefly
Perimeter
Yes
Yes
Rule-based NAT
Yes
Rule translation
Yes
Yes
Yes
Static NAT
Yes
Yes
Event scripts
Yes
Operation scripts
Yes
Yes
Yes
Packet Capture:
Packet capture
Yes
Yes
One-way timestamps
Yes
Routing:
20
BGP
Yes
Yes
Support on Firefly
Perimeter
BGP Flowspec
No
No
No
Yes
Yes
Yes
IS-IS
Yes
Yes
Yes
OSPF v2
Yes
OSPF v3
Yes
Yes
RIP v1, v2
Yes
Static routing
Yes
Yes
Yes
HTTP
Yes
HTTPS
Yes
Yes
Yes
Global policy
Yes
Yes
21
Support on Firefly
Perimeter
Yes
Yes
Schedulers
Yes
Yes
SSL proxy
No
No
Yes
Shadow policy
Yes
Security Zone:
Functional zone
Yes
Security zone
Yes
Session Logging:
Accelerating security and traffic logging
Yes
Yes
Yes
Yes
Yes
SMTP:
SMTP support
Yes
SNMP:
SNMP support
Yes
Yes
No
22
Support on Firefly
Perimeter
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No (N.A.)
No (N.A.)
Yes
Chassis restart
Yes
Download manager
Yes
Dual-root partitioning
No
No
No
Yes
User Interfaces:
CLI
Yes
Yes
Yes
23
Support on Firefly
Perimeter
No
Yes
SRC application
No
Yes
Yes
Yes
24
Yes
ALGs
Yes
Yes
Yes
Yes
Yes
No
Yes
No
Yes
No
Layer 2 LAG
No
Layer 3 LAG
No
No
No
No
Support on Firefly
Perimeter
No
Multicast routing
Yes
No
Yes
No
Yes
Yes
Yes
Yes
Yes
Yes
VPLS
Filtering and Policing (Packet-Based)
Yes
Table 4 on page 25 lists additional features that are not supported on Firefly.
Firefly
No
No
No
No
Layer 2 Mode
No
Logical Systems
No
No
25
Related
Documentation
26
Feature
Firefly
No
No
Route Reflector
No
RPM Probe
No
Services Offloading
No
Transparent Mode
No
No
USB Modem
No
No
No
Group VPN
No
No
No
CHAPTER 2
System Requirements
Specification
Memory
2 GB
Disk space
2 GB
vCPUs
vNICs
Up to 10
E1000
Table 6 on page 27 lists the hardware specifications for the host machine that runs Firefly
Perimeter VM.
Specification
Minimum 4 GB
x86_64
27
NOTE:
Related
Documentation
Firefly Perimeter has the following default configurations set when you power it on for
the first time.
Table 7 on page 28 lists the basic settings for interfaces.
Security Zones
DHCP State
ge-0/0/0
trust
client
ge-0/0/1 to ge-0/0/3
trust
server
Table 8 on page 28 lists the basic settings for the security policies.
28
Source Zone
Destination Zone
Policy Action
trust
untrust
permit
trust
trust
permit
untrust
trust
deny
Table 9 on page 29 lists the basic settings for the NAT rule.
Related
Documentation
Source Zone
Destination Zone
Policy Action
trust
untrust
Hypervisor Version
Related
Documentation
29
30
PART 2
Installation
31
32
CHAPTER 3
2. On the same computer, download the Firefly Perimeter software package available
at:
http://www.juniper.net/support/downloads/.
3. Start the VMware vSphere Client and log in with your credentials. See
33
4. Click File > Deploy OVF Template as shown in Figure 2 on page 34.
5. Click Browse to locate the Firefly Perimeter software package and then click Next.
6. Click Next on the OVF Template Details window, to proceed with the installation. Click
installation.
34
8. Change the default Firefly Perimeter VM name appropriately in the Name box and
click Next. See Figure 3 on page 35. It is advisable to keep this name the same as the
hostname you intend to give to your VM.
Datastore
Available Space
Table 11 on page 35 lists the two disk formats available to store the virtual disk. You
can choose one of the three options listed.
NOTE: For detailed information on the two types of disk formats, see
http://pubs.vmware.com/vsphere-50/
index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc_
50%2FGUID-4C0F4D73-82F2-4B81-8AA7-1DD752A8A5AC.html.
Utility
35
Utility
10. Select your destination network from the list and click Next.
11. Click Finish to complete the installation. See Figure 4 on page 36.
Related
Documentation
36
NOTE: When Firefly Perimeter is powered on for the first time, it uses the
factory default configuration.
Related
Documentation
Wait for a few minutes and then click the Shut Down Guest icon on the menu bar.
Related
Documentation
37
38
PART 3
Configuration
39
40
CHAPTER 4
41
You can use the Setup Wizard to configure a device or edit an existing configuration.
See Figure 6 on page 42.
42
Select the Edit Existing Configuration if you have already configured the wizard using
the factory mode.
Select the Create New Configuration to configure a device using the wizard.
Description
Device name
Root password
Verify password
Operator
Super User: This user has full system administration rights and can add,
Read only: This user can only access the system and view the
configuration.
Select either Time Server or Manual. Table 13 on page 43 lists the system time
options.
Description
Time Server
Host Name
IP
Manual
Date
Time
43
Description
Time Zone
Select the time zone from the list. For example: GMT Greenwich
Mean Time GMT.
Click the Need Help icon available for detailed configuration information.
You see a success message after the basic configuration is complete. See
Figure 7 on page 44.
Review and ensure that the configuration settings are correct and click Next. The
Commit Configuration page displays.
44
3. Check the connectivity to Firefly Perimeter as you might lose connectivity if you have
changed the management zone IP. Click the URL for reconnection instructions on how
to reconnect to the device.
4. Click Done to complete the setup.
After successful completion of the setup, you are redirected to the J-Web interface.
WARNING: After you complete the initial setup configuration, you can
relaunch the J-Web Setup wizard by clicking Tasks > Run Setup Wizard.
You can either edit an existing configuration or create a new configuration.
If you decide to create a new configuration, then all the current
configuration in Firefly Perimeter will be deleted.
Related
Documentation
root#cli
root@>
4. Enter configuration mode.
configure
[edit]
root@#
5. Set the root authentication password by entering a cleartext password, an encrypted
[edit]
root@# set system login user admin class super-user authentication
plain-text-password
7. Commit the configuration to activate it on the device.
[edit]
45
root@# commit
8. Login as the administrative user you configured in Step 6.
9. Configure the name of the device. If the name includes spaces, enclose the name in
quotation marks ( ).
configure
[edit]
admin@# set system host-name host-name
10. Configure the traffic interface.
[edit]
admin@# set interfaces ge-0/0/1 unit 0 family inet address address/prefix-length
11. Configure the default route.
[edit]
admin@# set routing-options static route 0.0.0.0/0 next-hop gateway
12. Configure basic security zones and bind them to traffic interfaces.
[edit]
admin@# set security zones security-zone untrust interfaces ge-0/0/1
13. Verify the configuration.
[edit]
admin@# commit check
configuration check succeeds
14. Commit the configuration to activate it on the device.
[edit]
admin@# commit
commit complete
15. Optionally, display the configuration to verify that it is correct.
[edit]
user@host# show
system {
host-name devicea;
domain-name lab.device.net;
domain-search [ lab.device.net device.net ];
backup-device ip
time-zone America/Los_Angeles;
root-authentication {
ssh-rsa "ssh-rsa AAAAB3Nza...D9Y2gXF9ac==root@devicea.lab.device.net";
}
name-server {
ip
}
services {
}
ntp {
server ip
}
}
interfaces {
46
ge-0/0/0 {
unit 0 {
family inet {
address ip
}
}
}
lo0 {
unit 0 {
family inet {
address ip
}
}
}
}
16. Commit the configuration to activate it on the device.
[edit]
admin@# commit
17. Optionally, configure more properties by adding the necessary configuration
[edit]
admin@host# exit
admin@host>
Related
Documentation
47
Deploying Firefly Perimeter Chassis Cluster Nodes at Different ESXi Hosts Using
dvSwicth on page 64
Resilient system architecture, with a single active control plane for the entire cluster
and multiple Packet Forwarding Engines. This architecture presents a single device
view of the cluster.
Monitoring of physical interfaces, and failover if the failure parameters cross a configured
threshold.
Support for generic routing encapsulation (GRE) and IP-over-IP (IP-IP) tunnels used
to route encapsulated IPv4 or IPv6 traffic by means of two internal interfaces, gr-0/0/0
and ip-0/0/0, respectively. These interfaces are created by Junos OS at system bootup
and are used only for processing GRE and IP-IP tunnels.
At any given instant, a cluster can be in one of the following states: hold, primary,
secondary-hold, secondary, ineligible, and disabled. A state transition can be triggered
because of any event, such as interface monitoring, Services Processing Unit (SPU)
monitoring, failures, and manual failovers.
For additional information, see:
Interfaces for Security Devices
48
Generally, on SRX Series devices, the cluster ID and node ID are written into EEPROM.
However, the Firefly Perimeter VM does not emulate it. A location (boot/loader.conf) is
required to save the IDs and read it out during initialization. Then the whole system
(including BSD kernel) can know it is working in chassis cluster mode and does related
initializations for chassis cluster.
The chassis cluster formation commands for node 0 and node 1 are as follows:
Enable and Reboot: Enables chassis cluster mode and reboots the node.
49
Click OK.
Enable and No Reboot: Enables chassis cluster mode without rebooting the node.
Cancel: Cancels your entries and returns to the main configuration page.
9. Click Reset to reset your entries to their original values or click Disable to disable chassis
50
Function
Action
Cluster ID
Node ID
Node Management
IP Address (fxp0.0)
FPC
Port
Node
Control Link
NOTE: For detailed information on various options used for chassis cluster
see:
http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/
pathway-pages/security/security-chassis-cluster.html
51
52
Action
Description
Add
Edit
Delete
Cancel
Function
Node Settings
Node ID
Cluster ID
Host Name
Backup Router
Management Interface
IP Address
Status
Name
Member Interfaces/IP
Address
Redundancy Group
Group
Preempt
Node Priority
53
Function
Action
Interface
Add
Click Add.
Delete
Click Delete.
Interface
Add
Click Add.
Delete
Click Delete.
Interface
IP
Redundancy
Group
Add
Click Add.
Delete
Click Delete.
Redundant Ethernet
Redundancy
Group
Allow preemption
of primaryship
54
Function
Action
Gratuitous ARP
Count
node0 priority
node1 priority
Interface
Weight
Add
Click Add.
Delete
Weight
Threshold
Retry Count
Retry Interval
Interface Monitor
IP Monitoring
IPV4 Addresses to
be monitored
IP
55
56
Field
Function
Action
Weight
Interface
Secondary IP
address
Add
Click Add.
Delete
Function
Action
Host Name
Backup Router
IP
Click Add.
Delete
Click Delete.
Select an option.
Node Settings
Destination
Interface
Interface
Add
Click Add.
Delete
Click Delete.
57
Connecting Control Interface via Control vSwitch Using the VMware vSphere
Client on page 58
Connecting Fabric Interface via Fabric vSwitch Using the VMware vSphere
Client on page 61
Connecting Data Interface via Data vSwitch Using the VMware vSphere
Client on page 63
Connecting Control Interface via Control vSwitch Using the VMware vSphere
Client
To connect the control interface via control switch:
1.
Choose Configuration->Networking.
Connection Type
58
Virtual Machines
Network Access
No physical adapters
NOTE:
Port group are not VLAN. It does not segment the vSwitch into separate
broadcast domains unless they have different VLAN tags.
If dedicated vSwitch, you can use the default VLAN tag (0) or specify
a VLAN tag.
If shared vSwitch and using port group, you must assign a VLAN tag
on that port group for each HA links.
After creating the control vSwitch, you can use the vSwitch default settings.
3. Click Edit Settings of both Firefly VMs to add the control interface (Network adapter
59
The control interface will hence be connected via the control vSwitch using the above
procedure.
60
Connecting Fabric Interface via Fabric vSwitch Using the VMware vSphere Client
1.
Choose Configuration->Networking.
Connection Type
Virtual Machines
Network Access
No physical adapters
NOTE:
Port group are not VLAN. It does not segment the vSwitch into separate
broadcast domains unless they have different VLAN tags.
If dedicated vSwitch, you can use the default VLAN tag (0) or specify
a VLAN tag.
If shared vSwitch and using port group, you must assign a VLAN tag
on that port group for each HA links.
MTU: 9000
3. Click Edit Settings of both Firefly VMs to add the fabric interface into fabric vSwitch.
See Figure 10 on page 62 for vSwitch 2 Properties and Figure 11 on page 62 for Virtual
Machine Properties for Fabric vSwitch.
61
The fabric interface will hence be connected via the fabric vSwitch using the above
procedure.
62
Connecting Data Interface via Data vSwitch Using the VMware vSphere Client
Add all the redundant interfaces into data traffic vSwitch like standalone mode.
1.
Choose Configuration->Networking.
Connection Type
Virtual Machines
Network Access
No physical adapters
MTU: 9000
See Figure 12 on page 64 for Virtual Machine Properties for Data vSwicth.
63
The data interface will hence be connected via the data vSwitch using the above
procedure.
Deploying Firefly Perimeter Chassis Cluster Nodes at Different ESXi Hosts Using dvSwicth
In this method, we use the private vlan (PVLAN) feature of dvSwitch. There is no need
to change the external switch configurations.
On the VMware vSphere Client, for dvSwitch, there are two private VLAN IDs, the primary
private VLAN ID and the secondary private VLAN ID.
Select Community in the drop down menu for secondary VLAN ID type.
Use the two secondary private VLAN IDs for Firefly Perimeter control and fabric link. See
Figure 13 on page 65 and Figure 14 on page 65.
64
65
You can also use regular VLAN on a distributed switch to deploy Firefly Perimeter chassis
cluster nodes at different ESXi Hosts using dvSwitch. Regular VLAN works similar to a
physical switch. If you want to use regular VLAN instead of PVLAN, disable IGMP snooping
for chassis cluster links.
However, use of PVLAN is recommended because:
Related
Documentation
66
PART 4
Index
Index on page 69
67
68
I
Installation Requirements
Firefly..................................................................................29
Index
Symbols
#, comments in configuration statements.....................xi
( ), in syntax descriptions.......................................................xi
< >, in syntax descriptions......................................................x
[ ], in configuration statements...........................................xi
{ }, in configuration statements..........................................xi
| (pipe), in syntax descriptions............................................xi
B
Basic Settings
Firefly..................................................................................28
braces, in configuration statements..................................xi
brackets
angle, in syntax descriptions.........................................x
square, in configuration statements.........................xi
C
comments, in configuration statements.........................xi
Configuration
Firefly
CLI Interface............................................................45
J-Web Interface.......................................................41
Connecting
Management Device.....................................................36
conventions
text and syntax...................................................................x
curly braces, in configuration statements.......................xi
customer support.....................................................................xi
contacting JTAC................................................................xi
M
manuals
comments on....................................................................xi
P
parentheses, in syntax descriptions..................................xi
Powering Off
device
Firefly..........................................................................37
Powering On
device
Firefly..........................................................................37
S
Specifications
Firefly...................................................................................27
support, technical See technical support
syntax conventions...................................................................x
T
technical support
contacting JTAC................................................................xi
U
Understanding
Firefly.....................................................................................3
D
Disk Format
Thick Provision Eager Zeroed....................................35
Thick Provision Lazy Zeroed.......................................35
documentation
comments on....................................................................xi
F
font conventions........................................................................x
69
70