Release Note: FirePass Controller version 7.0.0 Virtual Edition

Updated Date: 08/30/2013

Summary:

This release note documents the version 7 release of the FirePass® Controller Virtual Edition.

Contents:

- What is FirePass Virtual Edition?
     - FirePass Virtual Edition updates
     - FirePass Virtual Edition compatibility with VMware hypervisor products
     - VMware system architecture components
     - FirePass VMware guest environment
- Deployment overview for FirePass Virtual Edition on VMware ESX or ESXi
     - FirePass Virtual Edition host machine requirements and recommendations
     - Creating the FirePass Virtual Edition virtual machine
     - Powering on the FirePass Virtual Edition virtual machine
     - Best practices for deploying FirePass Virtual Edition
- FirePass Virtual Edition known issues
- Contacting F5 Networks

What is FirePass Virtual Edition?

FirePass® Virtual Edition (VE) is a version of the FirePass system that runs as a virtual machine, packaged to run in a VMware hypervisor environment. FirePass VE includes all features of FirePass, running on standard hardware.

FirePass Virtual Edition updates

You can update FirePass Virtual Edition with the same updates, hotfixes, and patches as the hardware version of FirePass. FirePass VE does not require separate software updates.

FirePass Virtual Edition compatibility with VMware hypervisor products

FirePass Virtual Edition (VE) is compatible with VMware ESX 4.0 and VMware ESXi 4.0 hosts.

VMware system architecture components

The high-level architecture of FirePass Virtual Edition consists of a VMware guest environment, a hypervisor layer, and a physical layer.

| Component | Description |
|---|---|
| VMware guest environment | This layer represents an image of FirePass VE, potentially sharing physical resources with other virtual machines running on the same hardware platform. |
| VMware hypervisor layer | The VMware hypervisor software layer is a bare-metal hypervisor that simulates a set of dedicated resources for each FirePass virtual machine. |
| Hardware platform layer | Physical resources such as CPU, memory, data storage, and network interface cards (NICs). |

FirePass VMware guest environment

The virtual machine guest environment for FirePass VE includes these minimum characteristics:

  • 1 virtual CPU
  • 1 GB RAM
  • 3 virtual network adapters (e1000)
  • 1 30 GB iSCSI logical disk
  • 64 MB boot partition
  • 2 GB swap space
  • 4 GB root partition

Note: The guest environment does not support vmmemctl, the memory balloon driver.

VMware guest environments for different license types

You must adjust the initial VMware environment for FirePass VE according to your license and the number of concurrent users you want to support.

Performance and the ability to support a larger number of concurrent users may vary based on the following factors.

  • Virtual machine CPU cores and RAM allocated
  • ESX hardware system performance
  • SSL VPN modes enabled
  • End user traffic types
  • End user traffic load
  • WAN bandwidth

These are some examples of factors that may affect FirePass VE performance. Other factors may also affect performance. Depending on your deployment goals, you may need to allocate additional virtual machine resources or deploy more FirePass VE instances across multiple ESX hardware systems. Refer to the following table for recommended minimum settings.

| License | Number of Concurrent Users | Virtual CPUs | Virtual RAM |
|---|---|---|---|
| 5-FP-VE-LAB | up to 10 | 1 | 512 MB |
| F5-FP-VE-100 | up to 100 | 1 | 2 GB |
| F5-FP-VE-500 | 500-2000 | 4 | 8 GB |

Deployment overview for FirePass Virtual Edition on VMware ESX or ESXi

To deploy the FirePass VE system on a VMware ESX or ESXi server, you perform the following tasks:

  • Verify the host machine requirements.
  • Create an instance of the FirePass system as a virtual machine on a host system.
  • Power on the FirePass VE virtual machine.
  • Assign a management IP address to the FirePass VE virtual machine.

After you complete these tasks, you can log in to the FirePass VE maintenance console as an administrative user, and you can perform basic network configuration tasks.

FirePass Virtual Edition host machine requirements and recommendations

There are specific requirements for the host system on which the FirePass VE system can run.

To successfully deploy and run the FirePass VE system, the host system must contain the following:

  • VMware ESX 4.0 or ESXi 4.0
  • VMware vSphere Client
  • Virtual hardware version 7

F5 Networks highly recommends that the host system contain CPUs based on AMD-V or Intel-VT technology.

Creating the FirePass Virtual Edition virtual machine

The first step in deploying FirePass VE is to download the Zip file to your local system. You can then run the Deploy OVF Template wizard from within VMware vSphere Client. This wizard copies the file to the ESX/ESXi server and configures some network interface settings. Note that the Zip file contains a virtual disk image based on an Open Virtualization Format (OVF) template. By following the steps in this procedure, you create an instance of the FirePass system that runs as a virtual machine on the host system.

  1. In a browser, open the F5 Downloads page, https://downloads.f5.com.
  2. Download the FirePass VE package.
  3. Extract the files from the Zip archive.
  4. Start VMware vSphere and log in.
  5. From the File menu, choose Deploy OVF Template.
    The Deploy OVF Template wizard starts.
  6. On the Source screen, click Deploy from file, and, using the Browse button, locate the OVA file. For example:
    \MyDocuments\Work\Virtualization\FP-7.0_20100505.ova
  7. Click Next.
    The OVF Template Details screen opens.
  8. Verify that the OVF template details are correct, and click Next.
    This displays the End User License Agreement.
  9. Read and accept the license agreement and click Next.
    The Name and Location screen opens.
  10. In the Name box, type a name for the FirePass virtual machine, such as: test_ve_system_1.
  11. In the Inventory Location pane, select a folder name. Click Next.
  12. If the host system is controlled by VMware vCenter, the Host Cluster screen opens. Choose the desired host and click Next. Otherwise, proceed to the next step.
  13. Map the source network Management Network to the name of a destination management network in your inventory. An example of a destination management network is Management.
  14. Map the source network Internal Network to the name of a destination non-management network in your inventory. An example of a destination internal network is Private Access.
  15. Map the source network External Network to the name of an external network in your inventory. An example of a destination external network is Public Access.
  16. Click Next.
    The Ready to Complete screen opens.
  17. Verify that all deployment settings are correct, and click Finish.

You can view the status of the FirePass VE virtual machine on the VMware vSphere Client screen.

Powering on the FirePass Virtual Edition virtual machine

You must power on the FirePass VE virtual machine.

  1. From the main vSphere Client window, click the Administration menu.
  2. In the left pane, select the virtual machine that you want to power on.
  3. Click the Summary tab, and, in the Commands area, click Power On.

Assigning a management IP address to a FirePass Virtual Edition virtual machine

FirePass VE needs an IP address assigned to its virtual management port.

  1. From the main vSphere Client window, click the Administration menu.
  2. In the left pane, select the virtual machine to which you want to assign the management IP address.
  3. Click the Console tab.
  4. After a few seconds, a login prompt appears.
  5. At the <user name> login prompt, type maintenance.
  6. Follow the instructions to set up the FirePass network and configure an administrative password.
  7. Select option 1 (Reset settings and/or admin password).
  8. Select option 1 (Reset settings and admin password).
  9. Set the initial Network Configuration settings for server, DNS, and Gateway IP addresses.

Logging on to the FirePass VE Administrative Console from a web browser

Note that you can refer to the FirePass Controller Getting Started Guide for more information on startup techniques.

  1. On a computer on the same network as the FirePass VE, start a web browser.
  2. In the web browser address bar, type the administrative URL and press Enter. The administrative URL for FirePass VE is:
    https://192.168.1.99/admin/
    Be sure to include the ending slash (/) character when you specify the administrative URL.
  3. When the certificate warning message displays, accept it.
    The FirePass controller logon screen opens.
  4. In the Username box, type the default administrator name admin, and in the Password box, type the default administrator password admin.
  5. Click Go.
    The startup screen for unlicensed FirePass controllers opens, and you can start the Quick Setup process.

Best practices for deploying FirePass Virtual Edition

When deploying FirePass Virtual Edition on a VMware ESX or ESXi host, you should follow these best practices.

| Issue | Recommendation |
|---|---|
| Shared storage for virtual machines | Use iSCSI for shared virtual machine storage. Most types of VMware-supported storage are acceptable. |
| Resource reservations | Increase the 2GHz default CPU reservation to prioritize FirePass VE processing, if your normal traffic patterns cause FirePass VE to consistently exceed that reservation. FirePass VE presents a unique workload when virtualized, compared to other commonly virtualized services. Therefore, FirePass VE is deployed by default with a 2GHz CPU reservation and a 1GB memory reservation. Together, these reservations prevent system instability on heavily loaded VMware hosts. Note that these reservations should be considered minimal. |

FirePass Virtual Edition known issues

The known issues in this release are as follows:

NFS and FirePass VE (CR140161)
Currently, you cannot configure FirePass virtual hosts with NFS storage on the VMware ESX platform.

Failover with FirePass VE (CR140485)
In FirePass VE, in some failover situations, a failover FirePass VE system might not respond. Currently, the most stable failover configuration requires that you configure a FirePass VE failover pair on the same ESX or vSphere host, on the same local storage.


Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

