Before You Begin
Before installing and configuring your VM-Series firewall, know and
account for the following items as needed when you configure your VM-Series firewall:
Before installing the VM-Series, you must create the vSwitches
required for providing external connectivity for management access and for routing
traffic from and to the virtual machines that the firewall will secure. Hyper-V
allows you to create three types of vSwitches:
External vSwitch—binds to a physical network adapter and provides the
vSwitch access to a physical network.
Internal vSwitch—passes traffic between the virtual machines and the
Hyper-V host. This type of vSwitch does not provide connectivity to a
physical network connection.
Private vSwitch—passes traffic between the virtual machines on the
Hyper-V host only.
An external vSwitch is required for management of the VM-Series
firewall. Other vSwitches connected to the VM-Series firewall can be
of any type and will depend on your network topology.
If you are deploying the VM-Series firewall with interfaces enabled in
Layer 3 mode, make sure to enable use of hypervisor assigned MAC addresses so that
the hypervisor and the firewall can properly handle packets. Alternatively, use the
Hyper-V Manager to enable MAC address spoofing on the virtual network adapter for
each dataplane interface on the firewall. For more information, see
Hypervisor Assigned MAC Addresses.
If you are deploying the VM-Series firewall with interfaces enabled in
Layer 2 mode or virtual-wire mode, you must enable MAC address spoofing on the
virtual network adapter in Hyper-V for each dataplane interface on the firewall.
This setting is required to ensure that packets sent by the VM-Series
are not dropped by the virtual network adapter if the source MAC address does not
match the outgoing interface MAC address.
