Running Security Engines as Master Security Engines

There are some hardware requirements and configuration limitations when you use an Security Engine as a Master Security Engine.

Running the Security Engine as a Master Security Engine does not require a third-party virtualization platform. When you run Security Engine as a Master Security Engine, the Security Engine hardware provides the virtual environment and resources for the hosted Virtual Security Engines. You must always install the Security Engine software on a hardware device to run the Security Engine as a Master Security Engine.

You can run Master Security Engines on the following types of hardware platforms:

Purpose-built Security Engine appliances with 64-bit architecture
Third-party hardware with 64-bit architecture that meets the hardware requirements

For information about system requirements, see the Release Notes.

The following limitations apply when you use an Security Engine as a Master Security Engine:

Each Master Security Engine must run on a separate 64-bit physical device.
All Virtual Security Engines hosted by a Master Security Engine or Master Security Engine cluster must have the same role and the same Failure Mode (fail-open or fail-close).
Master Security Engines can allocate VLANs or interfaces to Virtual Security Engines. If the Failure Mode of the Virtual IPS engines or Virtual Layer 2 Engines is Normal (fail-close) and you want to allocate VLANs to several engines, you must use the Master Security Engine cluster in standby mode.