Deployment: Network Interface Parent topic

All modes need the relevant network interface settings configured. Some modes require slightly different information than other modes. The following procedures call out the different settings needed.
Network interface settings include:

Host Information

All modes require the host information to be entered. Before starting this procedure, be sure you have:
  • Selected your deployment mode
  • Configured any mode-specific settings
To enter the host information:
  1. Using the Deployment Wizard, select the appropriate deployment mode radio button and click Next.
  2. Set any mode-specific settings and click Next.
  3. Type the applicable Fully Qualified Domain name (FQDN) for the IWSVA host.
    Note
    Note
    A fully qualified hostname is required. Trend Micro recommends creating a DNS entry for the IWSVA server's hostname in their DNS server.
  4. Continue to the section about the Interface Status.

Interface Status

IWSVA provides a graphical representation of the physical Ethernet ports on the IWSVA server to simplify the configuration of the network ports. The Interface Status graphic shows the status and function of the available interfaces.
Use the following table to interpret the status and function of the Ethernet ports used for configuration purposes in the Interface Status section.
no_link.gif Link not detected. Could be an empty port, cable may be loose or broken, or the peer machine may be down.
link_ok_hs.gif Link ok
link_error.gif Link error
link_disabled_hs.gif Link disabled
M Management interface
D Data interface
H About the HA (or Heartbeat) Interface

Data Interface

The Data Interface supports end-user Internet traffic to and from the internal network. Use the following procedure to configure the host name and IP settings for the data (bridge or proxy) interfaces. You can use both IPv4 and IPv6 addresses.
Note
Note
Do NOT configure the data interface and the management interface in the same network subnet. If they are in the same network segment, the IWSVA internal firewall will prevent proper forwarding of HTTP and FTP traffic.
Before starting this procedure, be sure you have:
  • Selected your deployment mode
  • Configured any mode-specific settings
  • Configured the IWSVA host information
To configure the Data Interface settings:
  1. Go to Administration > Deployment Wizard.
  2. After selecting your deployment mode, click next, and configure any mode-specific settings, if necessary.
  3. Click Next and configure the host information.
  4. Click Next and go to the Network Interface page.
  5. Enter a host name for IWSVA and click Next.
  6. Configure the Data interface.
    1. All modes except Transparent Bridge mode: Select the appropriate Ethernet port from the Ethernet Interface drop-down list for the data interface. The dynamic Interface Status graphic displays your selection.
    2. Transparent Bridge Mode only: Select the appropriate Ethernet ports from the drop-down lists for the Internal and External interfaces. The Interface Status graphic displays your selection.
    3. Select the IP address type from the drop-down list:
      • Static IP address - to configure IP settings for the interface manually.
      • Obtain from (DHCP) - to have a DHCP server assign IP settings to the interface. (IPv6 addresses, gateways, and DNS can be obtained from DHCPv6.
    4. Enter the IP address and Netmask.
    5. Check the Enable Ping check box to check the connection. Select this option to respond to PING requests. Disable this option if you do not want this interface to be pinged.
      Activate PING on an interface allows you to issue PING commands to check the network status of the IWSVA appliance. For example, if there is no reply from IWSVA after a PING request, the appliance may be down or there is a problem with network connection.
    6. Transparent Bridge Mode and Transparent Bridge Mode HA only: (Optional) Click the check box to enable the VLAN ID (1-4094).
    7. Check the check box to Enable STP. (HA mode only.)
      Tip
      Tip
      Enabling STP allows IWSVA to prevent possible network loops in HA mode if the heartbeat signal is lost. Trend Micro recommends enabling RSTP on upstream and downstream switches. Disable this setting for quicker network convergence.
    8. Do one of the following:
      • Continue with the deployment mode settings, if you are setting up IWSVA for the first time or
      • Click Next and click through the remaining screens if you have already setup your deployment mode and are just modifying the data interface.

Separate Management Interface

The separate management interface offers administrators an independent interface to log in to the IWSVA device, either through the Web console or through SSH.
Enabling and disabling the separate management interface is done by setting the values and enabling them through the Network Settings page of the Deployment Wizard. You can use both IPv4 and IPv6 addresses. For more information, see Management Interface.
Before starting this procedure, be sure you have:
  • Selected your deployment mode
  • Configured any mode-specific settings
  • Configured the IWSVA host information
  • Configured the Data Interface information
To setup the separate management interface:
  1. Continue working from the Network Interface page of the Deployment Wizard.
  2. Check the check box for the Enable Management Interface.
  3. Select an Ethernet interface from the drop-down list.
  4. Check the Enable Ping check box to check the connection. Select this option to respond to PING requests on the data interface. Disable this option if you do not want anyone to PING this interface.
    Activate PING on an interface allows you to issue PING commands to check the network status of the IWSVA appliance. For example, if there is no reply from IWSVA after a PING request, the appliance may be down or there is a problem with network connection.
  5. Enter a static IP address for the management interface device.
  6. Enter the netmask (subnet mask) for the management interface device.
  7. Do one of the following:
    • Continue with the deployment mode settings, if you are setting up IWSVA for the first time or
    • Click Next and click through the remaining screens if you have already setup your deployment mode and are just adding the separate management interface.

Miscellaneous Settings (IPv4 and IPv6)

The Miscellaneous Settings (IPv4 and IPv6) sections allow you to obtain the dynamic information from DHCP or enter static information for:
  • Gateway IP addresses
  • Primary DNS server IP addresses
  • Secondary DNS server IP addresses
Before starting this procedure, be sure you have:
  • Selected your deployment mode
  • Configured any mode-specific settings
  • Configured the IWSVA host information
  • Configured data and management interface information
To configure the Miscellaneous settings:
  1. Continue working from the Network Interface page of the Deployment Wizard.
  2. Scroll to the Miscellaneous Setting section.
  3. Do one of the following:
    • Check the Obtain from DHCP check box to have IWSVA obtain the dynamic Gateway, Primary, and Secondary DNS information OR
    • Type in the Gateway, Primary, and Secondary DNS information if it is static
      Parameter Description
      Gateway For static IP address configuration of the network device, type in the applicable (IPv4 or IPv6) IP address used as the gateway for this IWSVA installation.
      Primary DNS For static IP address configuration of the network device, type in the applicable IP address used as the primary DNS server for this IWSVA installation
      Secondary DNS For static IP address configuration of the network device, type in the applicable IP address used as the secondary DNS server for this IWSVA installation.
  4. Click Next.
  5. Continue to Static Routes.
    Note
    Note
    If you are joining an existing cluster, go to Summary.