How do I manage Virtual Segments on the SMS?

Product / Version includes:

Last updated: 2024/08/01

Solution ID: KA-0017321

Category:

Summary

This article describes the procedures required to create, delete, edit, and manage virtual segments on the SMS.

Virtual segment can be set up to define traffic using a VLAN ID, an endpoint pair (source and destination IP addresses of a packet), or both. One or more physical segments are then assigned to the virtual segment. Virtual segments are members of a segment group and the assigned devices are not exposed in segment group membership. You define the priority order for virtual segment so that any overlapping definitions are resolved.

Special Notes

Virtual segments appear only if the user can access the segment group for the virtual segment.
Virtual segments that do not initially contain any physical segments can be created.
IPS devices with virtual segments that were configured locally on an IPS device and then added to the SMS are merged into the global virtual segment listing.
A Virtual Segment must contain at least one VLAN ID, Source IP, or Destination IP traffic definition.

How To: Common Task

Log in to the SMS from a client.
On the SMS toolbar, navigate to the Devices.
Select Virtual Segments from the navigation menu.

TIP: For better management, you may want to create a unique segment group prior to creating a new virtual segment.

How To: Create a Virtual Segment

To create a virtual segment, do one of the following:
- Click New.
- Right-click and select New.
- On the top menu, select File > New > Virtual Segment.
For the Name & Traffic Criteria screen, complete the following description entries for the virtual segment.
- Name - must be unique among all existing virtual segments
- Description - a brief explanation about the virtual segment
Complete any of the following criteria you want to use to define the traffic for the virtual segment:
- VLAN- can be one or more comma-separated VLAN IDs or a Named Resource.
- Source IP Address - can be one or more comma-separated CIDRs or a Named Resource. Ranged-based Named Resources is not supported.
- Destination IP Address - can be one or more comma-separated CIDRs or a Named Resource. Ranged-based Named Resources is not supported.
From the left navigational menu, select Physical Segments.
Select one or more physical segments from the Physical Segments list you want to assign to the virtual segment.
Select Validation Report from the left navigation menu to view the results of the validation check. To view complete report details, select an entry in the Validation Report table.
Click OK to create the new segment.
When the Segment Group Membership dialog box displays, select a group for this virtual segment. If no custom segment groups have been created, the virtual segment is automatically assigned to the default segment group.
Click OK to save the settings.

How To: Edit a Virtual Segment

To edit a virtual segment, do one of the following:
- Highlight the desired segment and click Edit.
- Highlight the desired segment, right-click, and select Edit.
- Highlight the desired segment, and on the top menu, select Edit->Virtual Segment.
- Double-click the desired segment.
For the Name & Traffic Criteria screen, make any needed changes to the following description entries for the virtual segment.
- Name - must be unique among all existing virtual segments
- Description - a brief explanation about the virtual segment
Make any needed changes to the following criteria you want to use to define the traffic for the virtual segment:
- VLAN- can be one or more comma-separated VLAN IDs or a Named Resource.
- Source IP Address - can be one or more comma-separated CIDRs or a Named Resource. Ranged-based Named Resources is not supported.
- Destination IP Address - can be one or more comma-separated CIDRs or a Named Resource. Ranged-based Named Resources is not supported.
Select Physical Segments from the left navigational menu to change the physical segments.
- Select one or more physical segments from the Physical Segments list you want to assign to the virtual segment.
Select Validation Report from the left navigations menu to view the results of the validation check.
- For complete report details, select an entry in the Validation Report table.
- Click Details.
Click OK to save the new settings.

How To: Reorder a Virtual Segment

Note: The ANY-ANY segment is not in the virtual segment list. It can exist or be deleted. The priority order for traffic matching on an IPS device is virtual segment, physical segment, and then the ANY-ANY segment.

Select a virtual segment and do one of the following:
Click Reorder or right-click and select Reorder.
Click the appropriate button:
- Move Up
- Move Down
To save the new order, do one of the following:
- Click Apply.
- Right-click and select Apply.

How To: Delete a Virtual Segment

In the Virtual Segments table, select a virtual segment entry.
Do one of the following:
- Highlight the desired segment and click Delete.
- Highlight the desired segment, right-click, and select Delete.
- On the top menu bar, select the Edit > Delete menu item.
The Confirm Delete dialog box displays.
Click Yes.

Reference: SMS User Guide

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

How do I manage Virtual Segments on the SMS?

How do I manage Virtual Segments on the SMS?

Product / Version includes:

Summary