Specifications

VM-Series Deployment Guide
Secure North-South Traffic with the VM-Series Firewall
Set Up a VM-Series Firewall on the Citrix SDX Server

Step 2  Re-cable the client-side interface assigned to the NetScaler VPX.

Because the NetScaler VPX will reboot when recabled, evaluate whether you would like to perform this task during a maintenance window.

If you have already deployed a NetScaler VPX and are now adding the VM-Series firewall on the SDX server, you have two ports assigned to the VPX. When you deploy the VM-Series firewall, the NetScaler VPX will now only require one port that connects it to the server farm.

Therefore, before you configure the data interfaces on the VM-Series firewall, you must remove the cable from the interface that connects the VPX to the client-side traffic and attach it to the firewall so that all incoming traffic is processed by the firewall.

Step 3  Configure the data interfaces.

1. Launch the web interface of the firewall.
2. Select Network > Interfaces > Ethernet.
3. Click the link for an interface, for example ethernet 1/1, and select the Interface Type as Virtual Wire.
4. Click the link for the other interface and select the Interface Type as Virtual Wire.
5. Each virtual wire interface must be connected to a security zone and a virtual wire. To configure these settings, select the Config tab and complete the following tasks:
   a. In the Virtual wire drop-down click New Virtual Wire, define a Name and assign the two data interfaces (ethernet 1/1 and ethernet 1/2) to it, and then click OK. When configuring ethernet 1/2, select this virtual wire.
   b. Select New Zone from the Security Zone drop-down, define a Name for the new zone, for example client, and then click OK.
6. Repeat step 5 for the other interface.
7. Click Commit to save changes to the firewall.

Step 4  Create a basic policy rule to allow traffic through the firewall.

This example shows how to enable traffic between the NetScaler VPX and the web servers.

1. Select Policies > Security, and click Add.
2. Give the rule a descriptive name in the General tab.
3. In the Source tab, set the Source Zone to the client-side zone you defined. In this example, select client.
4. In the Destination tab, set the Destination Zone to the server-side zone you defined. In this example, select server.
5. In the Application tab, click Add to select the applications to which you want to allow access.
6. In the Actions tab, complete these tasks:
   a. Set the Action Setting to Allow.
   b. Attach the default profiles for antivirus, anti-spyware, vulnerability protection and URL filtering, under Profile Setting.
7. Verify that logging is enabled at the end of a session under Options. Only traffic that matches a security rule will be logged.

Set up the VM-Series Firewall Before the NetScaler VPX with Virtual Wire Interfaces (Continued)
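
One way to check, after the commit, that allow rules match what Step 4 describes (named applications, all four default profile types attached, logging at session end). This is an added example, not part of the original guide or vendor tooling; the XML fragment is constructed, and its element layout, the rule names and the check for `any` as an application are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a security rulebase in an exported XML
# configuration. Rule names and element layout are assumptions.
SAMPLE = """<rules>
  <entry name="client-to-server">
    <from><member>client</member></from><to><member>server</member></to>
    <application><member>web-browsing</member></application>
    <action>allow</action>
    <log-end>yes</log-end>
    <profile-setting><profiles>
      <virus><member>default</member></virus>
      <spyware><member>default</member></spyware>
      <vulnerability><member>default</member></vulnerability>
      <url-filtering><member>default</member></url-filtering>
    </profiles></profile-setting>
  </entry>
  <entry name="quick-test">
    <from><member>client</member></from><to><member>server</member></to>
    <application><member>any</member></application>
    <action>allow</action>
    <log-end>no</log-end>
    <profile-setting><profiles><virus><member>default</member></virus></profiles></profile-setting>
  </entry>
</rules>"""

# Antivirus, anti-spyware, vulnerability protection, URL filtering (Step 4, 6b)
REQUIRED_PROFILES = ("virus", "spyware", "vulnerability", "url-filtering")

def audit_rules(xml_text):
    """Return {rule name: [findings]} for allow rules that deviate from Step 4."""
    findings = {}
    for rule in ET.fromstring(xml_text).iter("entry"):
        if rule.findtext("action") != "allow":
            continue
        issues = []
        apps = [m.text for m in rule.findall("application/member")]
        if not apps or "any" in apps:
            issues.append("application not restricted")
        for prof in REQUIRED_PROFILES:
            if rule.find(f"profile-setting/profiles/{prof}/member") is None:
                issues.append(f"missing {prof} profile")
        # Assumption: an absent log-end element means logging is enabled.
        if rule.findtext("log-end", default="yes") != "yes":
            issues.append("log at session end disabled")
        if issues:
            findings[rule.get("name")] = issues
    return findings

if __name__ == "__main__":
    print(audit_rules(SAMPLE))
```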