Installation guide
61
Adding VLAN Interfaces for Master Engines
4. Click OK. The specified VLAN ID is added to the Physical Interface.
Second VLAN ID
(Optional, only if Physical
Interface Type is Inline
Interface)
Enter a Second VLAN ID for the Inline Interface if you want to remap the
Inline Interface. By default, this value is inherited from the first VLAN ID. We
recommend that you keep the default value if you do not have a specific
reason to change it.
Virtual Resource
The Virtual Resource associated with the interface. Select the same Virtual
Resource in the properties of the Virtual IPS engine element to add the
Virtual IPS engine to the Master Engine. Only one Virtual Resource can be
selected for each VLAN Interface.
Virtual Engine Interface
ID
Select the Interface ID of the Physical Interface in the Virtual IPS engine that
is associated with this interface.
Second Interface ID
(Inline Interface only)
Select the second Interface ID of the Inline Interface in the Virtual IPS
engine that is associated with this interface.
Throughput (kbps)
(Optional, only if Physical
Interface Type is Inline
Interface)
The maximum throughput for the IPS engines that use this VLAN Interface.
Enter the throughput as kilobits per second (for example, 2048). If
throughput is defined for the Physical Interface to which the VLAN Interface
belongs, the throughput value is automatically inherited from the Physical
Interface properties.
Caution! The throughput for each VLAN Interface must not be higher than
the throughput for the Physical Interface to which the VLAN Interface
belongs.
The throughput is for uplink speed (outgoing traffic) and typically must
correspond to the speed of an Internet link (such as an ADSL line), or the
combined speeds of several such links when they are connected to a single
Physical Interface.
Caution! Make sure you set the interface speed correctly. When the
bandwidth is set, the Master Engine always scales the total amount of
traffic on this interface to the bandwidth you defined. This happens even if
there are no bandwidth limits or guarantees defined for any traffic.
MTU
(Optional)
The MTU (maximum transmission unit) size for Virtual IPS engines that use
this interface. Either enter a value between 400-65535 or select a common
MTU value from the list.
Caution! The MTU for each VLAN Interface must not be higher than the MTU
for the Physical Interface to which the VLAN Interface belongs.
The default value (also the maximum standard MTU in Ethernet) is 1500.
Do not set a value larger than the standard MTU unless you know that all
the devices along the communications path support it.
Reset Interface
(Optional, only if Physical
Interface Type is Capture
Interface)
Select a TCP Reset Interface for traffic picked up through this Capture
Interface. This is the interface through which TCP connection resets are
sent when Reset responses are used in your IPS policy.
Table 7.4 VLAN Interface Properties for Hosted Virtual IPS Engine Communications (Continued)
Option Explanation