Installation guide
65
Configuring Physical Interfaces for Virtual IPS Engines
Configuring Physical Interfaces for Virtual IPS Engines
Physical Interfaces for Virtual IPS engines represent interfaces allocated to the Virtual IPS
engine in the Master Engine. When you select the Virtual Resource for the Virtual IPS engine,
Physical Interfaces are automatically created based on the interface configuration in the Master
Engine properties. The number of Physical Interfaces depends on the number of interfaces
allocated to the Virtual IPS engine in the Master Engine. It is not recommended to create new
Physical Interfaces in the Virtual IPS engine properties, as they may not be valid.
You can optionally modify the automatically-created Physical Interfaces in the Virtual IPS engine
properties. For detailed instructions, see the McAfee SMC Administrator’s Guide or the
Management Client Online Help.
Adding VLAN Interfaces for Virtual IPS Engines
VLAN Interfaces can only be added for Virtual IPS engines if the creation of VLAN Interfaces for
Virtual IPS engines is enabled in the Master Engine Properties. VLANs divide a single physical
network link into several virtual links. The maximum number of VLANs for a single Physical
Interface is 4094. The VLANs must also be defined in the configuration of the switch/router to
which the interface is connected.
To add a VLAN Interface for a Virtual IPS engine
1. Switch to the Interfaces tab.
2. Right-click a Physical Interface and select New VLAN Interface. The VLAN Interface
Properties dialog opens.
3. Enter the VLAN ID (1-4094). The VLAN IDs you add must be the same as the VLAN IDs that
are used in the switch at the other end of the VLAN trunk.
•Each VLAN Interface is identified as
Interface-ID.VLAN-ID, for example 2.100 for
Interface ID 2 and VLAN ID 100.
What’s Next?
If you want to divide any of the Physical Interfaces into VLANs, continue by Adding VLAN
Interfaces for Virtual IPS Engines.
If the Security Engine licenses for the Master Engine were generated based on the POL
code of the Management Server (instead of the Master Engine’s POS code), proceed to
Binding Engine Licenses to Correct Elements (page 66).
Otherwise, you are ready to transfer the configuration to the physical Master Engine
nodes. Proceed to Saving the Initial Configuration (page 83).
Note – You cannot add VLAN Interfaces on top of other VLAN Interfaces. Depending on the
configuration of the Master Engine that hosts the Virtual IPS engine, you may not be able
to create valid VLAN Interfaces for the Virtual IPS engine. See Adding a Master Engine
Element (page 55).