To Add a New
Virtual IP AddressThe Virtual IP (VIP) feature provides network flexibility and security. In a Network Address Translation (NAT) environment, host computers use non-routable IP addresses inside the firewall while maintaining full Internet connection and functionality. This feature gives network administrators flexibility to expand their networks without being constrained by the scarcity of legal IP addresses. In addition, NAT also provides better network security by hiding internal network topology and host information from the outside world.
Setting a VIP for an interface in the Untrust zone generates an entry in the Global zone address book. The Global zone address book keeps all the VIPs of all interfaces, regardless of the zone to which the interface belongs. You can use these VIP addresses as the destination addresses in policies between any two zones.
The virtual IP table contains the following information:
VIP:
IP Address: Indicates the virtual IP address.
Configure: Click Edit to modify the virtual IP entry, click Remove to remove the entry.
Note: You cannot edit or remove a virtual IP entry when existing policies are still associated with it.
VIP Services:
Virtual Port: Indicates the port that the service is mapped to on the outside server. It may be the well-known port number of the specified service, or a registered port number.
Service (Port): Indicates the type of traffic the VIP routes (i.e. FTP), and the well-known port number of the service (i.e. 21).
Server IP: Indicates the IP address of the server that processes the requests for the virtual IP.
Status: Indicates whether the virtual IP is active (Up) or inactive (Down).
Configure: Click Edit to modify the virtual IP services, or click Remove to them.
To Add a New
Virtual IP AddressYou need the following information to define a Virtual IP:
The IP address for the VIP, which must be in the same subnet as the interface of the zone from which traffic is originating, and can even be the same address as that interface;
The IP addresses for the servers that process the requests.
Note:You can only create a virtual IP for interfaces in the Untrust zone.
Enter an IP address in the Virtual IP Address field, and then click Add to save it and add it to the VIP list.
After you add the first VIP, a New VIP Service button appears on the upper right corner of the page. For more information, see New VIP Service.
The New VIP Service button appears after you add the first VIP address. Once you create a virtual IP address, you can configure a service or a group of services for it.
To configure new VIP services, see Virtual IP Address Services Configuration.