One or more instances of the VM-Series firewall can
be deployed to secure east-west and/or north-south traffic on the
network; virtual wire interfaces, Layer 2 interfaces, and Layer 3
interfaces are supported. To deploy the firewall, see Install the VM-Series Firewall on the SDX Server.
Once deployed the VM-Series firewall works harmoniously with
the NetScaler VPX (if needed), which is a virtual NetScaler appliance
deployed on the SDX server. The NetScaler VPX provides load balancing
and traffic management functionality and is typically deployed in
front of a server farm to facilitate efficient access to the servers. For
a complete overview of NetScaler feature/functionality, refer to
When the VM-Series is paired to work with the NetScaler VPX, the
complementary capabilities enhance your traffic management, load
balancing, and application/network security needs.
This document assumes that you are familiar with the networking
and configuration on the NetScaler VPX. In order to provide context
for the terms used in this section, here is a brief refresher on
the NetScaler owned IP addresses that are referred to in this document:
NetScaler IP address (NSIP): The NSIP is the IP address
for management and general system access to the NetScaler itself,
and for HA communication.
Mapped IP address (MIP): A MIP is used for server-side connections.
It is not the IP address of the NetScaler. In most cases, when the
NetScaler receives a packet, it replaces the source IP address with
a MIP before sending the packet to the server. With the servers
abstracted from the clients, the NetScaler manages connections more
Virtual server IP address (VIP): A VIP is the IP address
associated with a vserver. It is the public IP address to which
clients connect. A NetScaler managing a wide range of traffic may
have many VIPs configured.
Subnet IP address (SNIP): When the NetScaler is attached
to multiple subnets, SNIPs can be configured for use as MIPs providing
access to those subnets. SNIPs may be bound to specific VLANs and