Installation guide

Chapter 7 Configuring Master Engines and Virtual IPS Engines

Configuration Overview

Virtual IPS engines are logically-separate Virtual Security Engines that run as virtual engine

instances on a physical engine device. A Master Engine is a physical engine device that provides

resources for Virtual IPS engines. One physical Master Engine can support multiple Virtual IPS

engines.

Each Master Engine can support one Virtual Security Engine role (Firewall/VPN, IPS, or Layer 2

Firewall). To use more than one Virtual Security Engine role, you must create a separate Master

Engine for each Virtual Security Engine role. Each Master Engine must be on a separate physical

Master Engine device.

The tasks you must complete are as follows:

1. Add a Master Engine element. See Adding a Master Engine Element (page 55).

2. Add a Virtual Resource element. See Adding a Virtual Resource Element (page 56).

3. Define Physical Interfaces and optionally VLAN Interfaces for the Master Engine, and

assign Virtual Resources to the interfaces that are used for hosted Virtual IPS engine

communications. See Adding Physical Interfaces for Master Engines (page 57) and Adding

VLAN Interfaces for Master Engines (page 60).

4. Add a Virtual IPS engine element. See Adding a Virtual IPS Engine Element (page 64).

5. Configure Physical Interfaces and optionally VLAN Interfaces for the Virtual IPS engine.

See Configuring Physical Interfaces for Virtual IPS Engines (page 65) and Adding VLAN

Interfaces for Virtual IPS Engines (page 65).

6. Bind Management Server POL-bound licenses to specific nodes in the Master Engine. See

Binding Engine Licenses to Correct Elements (page 66).