Example: deploying Virtual Firewalls for MSSP customers

An example of configuring Master Engines and Virtual Firewalls in an MSSP environment.

Company A is an MSSP (Managed Security Services Provider). Customer 1 and Customer 2 are customers of Company A. The customers each want one Virtual Firewall with two Physical Interfaces. The administrators at Company A decide to use their existing Engine appliance as a Master Engine to host Virtual Firewalls for Customer 1 and Customer 2. Separate administrative Domains have already been configured for each customer. The engine already has a license that allows the creation of Virtual Resources.

The administrators at Company A:

  1. Create a Master Engine element in the Shared Domain.
  2. Create one Virtual Resource element for each customer’s Virtual Firewall and select the appropriate Domain for each Virtual Resource:
    Table 1. Virtual resources details
    Virtual resource name       | Domain
    ----------------------------+------------------
    Customer 1 Virtual Resource | Customer 1 Domain
    Customer 2 Virtual Resource | Customer 2 Domain
  3. Create the following Physical Interfaces on the Master Engine:
    Table 2. Physical interfaces details
    Interface ID | Description
    -------------+-------------------------------------------------------
    0            | Physical Interface for the Master Engine’s own traffic
    1            | Physical Interface for hosted Virtual Firewall traffic
  4. Add an IPv4 address for each Master Engine node to Physical Interface 0.
  5. Add the following VLAN Interfaces to Physical Interface 1 and select the appropriate Virtual Resource for each VLAN Interface:
    Table 3. VLAN interfaces details
    Interface ID | Virtual resource            | Description
    -------------+-----------------------------+-----------------------------------------------------------------------------------------
    VLAN 1.1     | Customer 1 Virtual Resource | VLAN Interface for the first Physical Interface on the Virtual Firewall for Customer 1
    VLAN 1.2     | Customer 1 Virtual Resource | VLAN Interface for the second Physical Interface on the Virtual Firewall for Customer 1
    VLAN 1.3     | Customer 2 Virtual Resource | VLAN Interface for the first Physical Interface on the Virtual Firewall for Customer 2
    VLAN 1.4     | Customer 2 Virtual Resource | VLAN Interface for the second Physical Interface on the Virtual Firewall for Customer 2
  6. Create a Virtual Firewall element for each customer and select the appropriate Virtual Resource for each Virtual Firewall:
    Table 4. Virtual firewall details
    Virtual firewall            | Virtual resource
    ----------------------------+----------------------------
    Customer 1 Virtual Firewall | Customer 1 Virtual Resource
    Customer 2 Virtual Firewall | Customer 2 Virtual Resource
  7. Add IP addresses to the Physical Interfaces on the Virtual Firewalls.
  8. Refresh the policy on the Master Engine.
  9. Refresh the policy on the Virtual Firewalls.
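
The mapping in Tables 1 to 4 is what keeps each customer's traffic on its own Virtual Firewall, so it is worth checking before the policy refresh in steps 8 and 9. The following is an added example, not part of the original page and not a product API: the `PLAN` data model and the `check_plan` function are hypothetical, and the values are transcribed from the tables above.

```python
from collections import Counter

# Plan transcribed from Tables 1-4; the structure itself is an assumption.
PLAN = {
    "virtual_resources": {  # Table 1: Virtual Resource -> Domain
        "Customer 1 Virtual Resource": "Customer 1 Domain",
        "Customer 2 Virtual Resource": "Customer 2 Domain",
    },
    "master_own_interfaces": {0},  # Table 2: interface 0 is the Master Engine's own
    "vlans": {  # Table 3: VLAN Interface -> Virtual Resource
        "1.1": "Customer 1 Virtual Resource",
        "1.2": "Customer 1 Virtual Resource",
        "1.3": "Customer 2 Virtual Resource",
        "1.4": "Customer 2 Virtual Resource",
    },
    "virtual_firewalls": {  # Table 4: Virtual Firewall -> Virtual Resource
        "Customer 1 Virtual Firewall": "Customer 1 Virtual Resource",
        "Customer 2 Virtual Firewall": "Customer 2 Virtual Resource",
    },
}

def check_plan(plan, interfaces_per_firewall=2):
    """Return a list of problems; an empty list means the plan matches the example."""
    problems = []
    resources = plan["virtual_resources"]
    per_resource = Counter()
    for vlan, resource in plan["vlans"].items():
        phys = int(vlan.split(".")[0])  # "1.3" -> Physical Interface 1
        if phys in plan["master_own_interfaces"]:
            problems.append(f"VLAN {vlan}: placed on Master Engine interface {phys}")
        if resource not in resources:
            problems.append(f"VLAN {vlan}: unknown Virtual Resource {resource!r}")
        per_resource[resource] += 1
    used = Counter(plan["virtual_firewalls"].values())
    for resource in resources:
        # Each customer asked for one Virtual Firewall with two interfaces.
        if per_resource[resource] != interfaces_per_firewall:
            problems.append(f"{resource}: {per_resource[resource]} VLAN Interfaces, "
                            f"expected {interfaces_per_firewall}")
        if used[resource] != 1:
            problems.append(f"{resource}: used by {used[resource]} Virtual Firewalls, expected 1")
    for firewall, resource in plan["virtual_firewalls"].items():
        if resource not in resources:
            problems.append(f"{firewall}: unknown Virtual Resource {resource!r}")
    return problems

if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```

An empty result means every VLAN Interface belongs to exactly one customer's Virtual Resource and every Virtual Firewall has its two interfaces; a VLAN assigned to the wrong Virtual Resource shows up as a count mismatch on both customers.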