Master Engine and Virtual Engine configuration overview

Master Engine and Virtual Engine configuration consists of creating Master Engines and associating Virtual Engines with the Master Engines.

By default, a Master Engine element has placeholders for two nodes when the element is created. A Master Engine can have 1–16 nodes. If you do not need to use clustering on the Master Engine, you can remove one of the automatically created nodes.

Note: All Virtual Engines on the same Master Engine must have the same Virtual Engine role (Firewall/VPN, IPS, or Layer 2 Firewall). To use more than one Virtual Engine role, you must create a separate Master Engine for each Virtual Engine role. Each Master Engine must be on a separate physical Master Engine appliance.
The configuration consists of the following general steps:
  1. Generate and install Engine licenses for the Master Engine.
  2. Create a Master Engine element.
  3. Create a Virtual Resource element.
  4. Configure Physical or VLAN Interfaces for the Master Engine and assign Virtual Resources to the interfaces.
  5. Create Virtual Engine elements.
  6. Configure Physical, VLAN, or Tunnel Interfaces for the Virtual Engines.
  7. Configure routing for the Master Engine and for Virtual Firewalls.
    Note: You cannot configure routing for Virtual IPS engines or Virtual Layer 2 Firewalls.
  8. Install or refresh the policy on the Master Engine to transfer changes to the Master Engine’s Physical/VLAN Interfaces and the mapping of Virtual Engines to Master Engine Interfaces.
  9. Install or refresh the policy on the Virtual Engines.