Installation guide
Chapter 10 Configuring Routing and Installing Policies
Configuring Routing
Routing is configured entirely through the Management Client. The routing information for IPS
engines and Layer 2 Firewalls is only used for system communications. The inspected traffic is
not routed. Inline Interfaces are always fixed as port pairs; traffic that enters through one port is
automatically forwarded to the other port.
Most often only one or two simple tasks are needed to define routing information for IPS and
Layer 2 Firewall elements:
• Define the default route. This is the route that packets take to any IP address that is not
specifically included in the routing configuration.
• Add routes to your internal networks that are not directly connected to the IPS engine or Layer
2 Firewall if the networks cannot be reached through the default gateway.
Routing is frequently configured using the following elements:
• Network elements: represent a group of IP addresses.
• Router elements: represent the gateway devices that will forward packets to the networks
you add in the routing configuration.
When you modify interfaces and then close the engine properties, you receive a notification that
allows you to open the Routing view directly. You can view the Routing view at any other time by
selecting Configuration→Routing.
To view routing information
1. Select Configuration→Configuration→Security Engine. The Security Engine Configuration
view opens.
2. Select Security Engines. A list of Security Engines opens.
3. Right-click the IPS or Layer 2 Firewall element and select Routing. The Routing view for the
selected element opens.
All the IPS or Layer 2 Firewall element’s Physical Interfaces and their network definitions have
been automatically added to the Routing view. You can select another element to view its routing
information.
4. Expand the routing tree to view all the routing information for the interfaces.
Note – All communication between Virtual Security Engines and other SMC components is
proxied by the Master Engine. You do not need to configure routing for Virtual IPS engines
or Virtual Layer 2 Firewalls.
Note – Networks are only added automatically. Networks and interfaces are never deleted
automatically. Invalid elements are marked with a symbol. You must delete the invalid
elements manually if you do not want them to be shown in the Routing view.