VM-Series Deployment Guide
Set Up a VM-Series Firewall on the Citrix SDX Server
Supported Deployments—VM Series Firewall on Citrix SDX
For instructions, see Deploy the VM-Series Firewall Using L3 Interfaces.
VM-Series Firewall with L2 or Virtual Wire Interfaces
Deploying the VM-Series firewall using L2 interfaces or virtual wire interfaces requires reconfiguring
the NetScaler VPX to remove its direct connection to the servers. The VM-Series firewall can then be cabled
and configured to transparently intercept and enforce policy on traffic destined to the servers. In this
approach, two data interfaces are created on the firewall and each belongs to a distinct zone. The security
policy is defined to allow traffic between the source and destination zones. For details, see
Deploy the VM-Series Firewall Using Layer 2 (L2) or Virtual Wire Interfaces.
Topology After Adding the VM-Series Firewall with L2 or Virtual Wire Interfaces
For security compliance, if USIP (Use client Source IP) is enabled on the NetScaler VPX, the
VM-Series firewall requires a default route that points to the SNIP (192.168.1.1 in this
example). If a default NAT (mapped/SNIP) IP address is used, you do not need to define a
default route on the VM-Series firewall.