Using Virtual Ports
Configuring Virtual Ports
You can use virtual ports to provide different groups of users access to the same system using different IP aliases and domains.
Each virtual port is associated with one physical port, either the physical internal port or the physical external port. The virtual port shares all network settings with the associated physical port except for the IP address.
When you configure virtual ports, you are creating name-IP address pairs. The names and IP addresses must be unique in your network. An alias can include IPv4 addresses, IPv6 addresses, or both. However, the corresponding IP protocol must be enabled on the physical port for the addresses to take effect.
To configure a virtual port:
- Select System > Network > PortName > Virtual Ports. PortName is Internal Port or External Port.
- Click New Port to display the configuration page.
- Complete the configuration as described in the table below.
- Save your changes.
Settings | Guidelines
---|---
Name | Specify a name for the virtual port. The names and IP addresses in the virtual port configuration must be unique in your network.
Physical Port | Displays the name of the physical port associated with the virtual port. The virtual port inherits link speed, ARP ping timeout, and MTU settings from the physical port configuration.
IPv4 Address | Specify an IPv4 address. An alias can include IPv4 addresses, IPv6 addresses, or both. However, the corresponding IP protocol must be enabled on the physical port for the addresses to take effect.
IPv6 Address | Specify an IPv6 address. An alias can include IPv4 addresses, IPv6 addresses, or both. However, the corresponding IP protocol must be enabled on the physical port for the addresses to take effect.
Using Device Certificates with Virtual Ports
Virtual ports can be used to create multiple fully qualified domain names for user sign-in. When a user tries to sign in using the IP address defined in a virtual port, the system presents the certificate associated with the virtual port to initiate the SSL transaction.
You can approach the digital certificate security and virtual ports implementation in either of the following ways:
- Associate all hostnames with a single certificate—With this approach, you use a single wildcard certificate to validate the identity of all system hostnames, regardless of which hostname is used to sign in. A wildcard certificate includes a variable element in the domain name, making it possible for users who sign in from multiple hosts to map to the “same” domain. For example, if you create a wildcard certificate for *.yourcompany.com, the system uses the same certificate to validate its identity to users who sign in to employees.yourcompany.com as it does to users who sign in to partners.yourcompany.com.
- Associate each hostname with its own certificate—With this approach, you associate different hostnames with different certificates. Create a virtual port for each hostname. A virtual port activates an IP alias on a physical port. For example, you can create two virtual ports on a single appliance, mapping the first virtual port to the IP address 10.10.10.1 (sales.yourcompany.com) and the second virtual port to the IP address 10.10.10.2 (partners.yourcompany.com). Then you can associate each of these virtual ports with its own certificate, ensuring that users authenticate through different certificates.
To associate certificates with virtual ports:
- Create the virtual ports.
- Import the device certificates.
- Associate the device certificates with the virtual ports:
  - Select System > Configuration > Certificates > Device Certificates.
  - Click the link of the device certificate you want to configure to display the configuration page.
  - Use the controls in the “Present certificate on these ports” section to associate ports with the certificate.
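An added example, not part of the product documentation: a small Python check of a planned virtual-port layout that verifies the certificate presented on each port covers that port's sign-in hostname (using single-label wildcard matching) and that no IP alias is reused across ports. The port names, IP aliases and certificate SANs are constructed, reusing the page's 10.10.10.x and yourcompany.com placeholders.

```python
# Added example, not product code: check a planned virtual-port layout before
# enabling it. Each port is (port name, IP alias, sign-in FQDN, DNS SANs of the
# certificate presented on that port). Names, IPs and SANs are constructed,
# reusing the page's 10.10.10.x / yourcompany.com placeholders.


def san_matches(san, hostname):
    """True if a certificate DNS name covers hostname. A wildcard '*.' matches
    exactly one leftmost label: *.yourcompany.com covers sales.yourcompany.com
    but not emea.sales.yourcompany.com and not yourcompany.com itself."""
    san = san.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not san.startswith("*."):
        return san == hostname
    suffix = san[1:]                       # ".yourcompany.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]    # what precedes the suffix
    return leftmost != "" and "." not in leftmost


def check_ports(ports):
    """Return {port name: problem} for ports whose certificate would fail
    hostname validation or whose IP alias is reused; {} means the layout is clean."""
    problems, ip_owner = {}, {}
    for name, ip, hostname, sans in ports:
        if ip in ip_owner:
            problems[name] = f"IP alias {ip} already used by {ip_owner[ip]}"
            continue
        ip_owner[ip] = name
        if not any(san_matches(s, hostname) for s in sans):
            problems[name] = f"certificate does not cover {hostname}"
    return problems


# Approach 1: one wildcard certificate on every port. The third port uses a
# two-level hostname, which a single-level wildcard does not cover.
WILDCARD = ("*.yourcompany.com",)
WILDCARD_PORTS = [
    ("vp-sales", "10.10.10.1", "sales.yourcompany.com", WILDCARD),
    ("vp-partners", "10.10.10.2", "partners.yourcompany.com", WILDCARD),
    ("vp-emea", "10.10.10.3", "emea.sales.yourcompany.com", WILDCARD),
]
# Approach 2: each port presents its own certificate.
PER_HOST_PORTS = [
    ("vp-sales", "10.10.10.1", "sales.yourcompany.com", ("sales.yourcompany.com",)),
    ("vp-partners", "10.10.10.2", "partners.yourcompany.com", ("partners.yourcompany.com",)),
]
```

Running `check_ports(WILDCARD_PORTS)` flags only `vp-emea`, showing why a hostname with an extra label needs its own certificate or a deeper wildcard, while `check_ports(PER_HOST_PORTS)` returns an empty dict.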