
Configure an Existing VA to Support Dual-NIC

  1. Open your existing VA in your preferred hypervisor's console or SSH to the VA.
  2. Run the following command to show the configuration of the VA:

    config va show

    Ensure that the IP configured here is the IP that will be used for internal communication. This is the IP that your endpoints will use for DNS resolution.

    Before adding a secondary network adapter, save the MAC address of the existing network adapter.
    
  3. Shut down the VA and add a second network adapter using your hypervisor console.

    This is the network adapter you will be using for your outbound communication. This should be of the same driver type as your primary network adapter.


     
    Some platforms may not permit the addition of a second network adapter after the VA has been created.
  4. Turn the VA on, enter the Configuration mode from the console or through SSH, and run the command config va show. This command returns the name of the second adapter.

     
    Adding a second adapter while the VA is powered on may result in the adapter not being detected or in corruption of the existing configuration. The VA must be shut down before the second adapter is added.
  5. For the secondary adapter, assign the IP, netmask, and gateway parameters to be used for outbound (Internet) communication. Enter:

    config va interface <interface name> <ip address> <netmask> <gateway>

    Verify against the MAC address of the respective adapters to ensure that the IP addresses are not misconfigured.


     
    You cannot direct DNS requests to the IP configured on the secondary adapter because incoming DNS traffic will be blocked on this IP.
  6. Once you have saved changes, enable traffic segregation.

    Static routes are configured for the IP on the secondary adapter to all Secure Access destinations required for the proper functioning of the VA. Configuring additional static routes is currently not supported.

    Enter:

    config va dmz enable
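
A pre-flight check for steps 2, 4 and 5, written as an added example that is not part of the Secure Access documentation: it picks the adapter whose MAC differs from the one saved in step 2, sanity-checks the outbound addressing, and returns the step 5 command. The adapter names (eth0, eth1), the MAC and IP values, and the function name are constructed assumptions; only the config va interface syntax comes from this page.

```python
import ipaddress

# Constructed sample inventory: interface names and MACs typed in by hand from
# `config va show` after the second adapter was added (names are placeholders).
SAMPLE_ADAPTERS = {"eth0": "00:00:5e:00:53:01", "eth1": "00:00:5e:00:53:02"}


def plan_secondary_interface(adapters, saved_primary_mac, primary_ip,
                             ip, netmask, gateway):
    """Build the step 5 command for the adapter that is NOT the saved primary."""
    def norm(mac):
        # Hypervisors print MACs with either separator and in either case.
        return mac.replace("-", ":").lower()

    primary_mac = norm(saved_primary_mac)
    macs = {name: norm(mac) for name, mac in adapters.items()}
    if primary_mac not in macs.values():
        raise ValueError("MAC saved in step 2 is not among the adapters shown")
    new = [name for name, mac in macs.items() if mac != primary_mac]
    if len(new) != 1:
        raise ValueError(f"expected exactly one new adapter, found {len(new)}")

    # ip_interface() rejects malformed addresses and non-contiguous netmasks.
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    if iface.ip == ipaddress.ip_address(primary_ip):
        raise ValueError("outbound IP duplicates the internal (DNS) IP")
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError("outbound IP is the network or broadcast address")
    if gw not in net or gw == iface.ip:
        raise ValueError("gateway is not a distinct host in the outbound subnet")
    return f"config va interface {new[0]} {iface.ip} {iface.netmask} {gw}"


if __name__ == "__main__":
    # Constructed values: saved primary MAC, internal IP, outbound settings.
    print(plan_secondary_interface(SAMPLE_ADAPTERS, "00-00-5E-00-53-01",
                                   "10.10.0.5", "192.0.2.10",
                                   "255.255.255.0", "192.0.2.1"))
```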