Summary

This article describes the procedures required to create, delete, edit and perform management of Virtual Segments on the LSM.

Two virtual ports make up a virtual segment. The IPS can create policies for a virtual segment in a similar manner as it does for a physical segment. Virtual segments build on the concept of physical segments by adding the ability to use existing VLAN IDs and associated rules to further tag types of traffic. You can then apply specific filters to the virtual segment traffic or track the virtual segment traffic through IPS Events. Works exactly like physical segments with extra identifier, VLAN ID(s). If the traffic is VLAN tagged, the IPS checks for a virtual segment with the VLAN ID. If a virtual segment exists, the profile is used to determine the response. If there is not a virtual segment, the profile attached to the physical segment is used.

Virtual ports may also be organized into virtual segments. A virtual segment is made up of any two virtual ports that may include CIDR specifications, and can have a security profile and traffic management profile applied to it. Virtual segments enable further management of VLAN traffic. Virtual segments are saved on the IPS in a prioritized table, and security profiles and traffic management profiles are applied in order of priority. For example, if port 1A is assigned to two different virtual segments, the profiles that are assigned to the higher-priority segment will be applied to the traffic on that port before the profiles assigned to the lower-priority segment.