Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

How do I manage Virtual Segments on the SMS?

    • Updated:
    • 24 Aug 2017
    • Product/Version:
    • TippingPoint SMS All
    • TippingPoint Virtual SMS
    • Platform:
Summary

This article describes the procedures required to create, delete, edit and perform management of Virtual Segments on the SMS.

Virtual segment can be set up to define traffic using a VLAN ID, an endpoint pair (source and destination IP addresses of a packet), or both. One or more physical segments are then assigned to the virtual segment. Virtual segments are members of a segment group and the assigned devices are not exposed in segment group membership. You define the priority order for virtual segment so that any overlapping definitions are resolved.

Special Notes

  •  Virtual segments appear only if the user has access to the segment group for the virtual segment.
  •  Virtual segments can be created which do not initially contain any physical segments.
  •  IPS devices with virtual segments that were configured locally on an IPS device and then added to the SMS are merged to the global virtual segment listing.
  •  A Virtual Segment must contain at least one VLAN ID, Source IP, or Destination IP traffic definition.
Details
Public

How To: Common Task

  1. Log in to the SMS from a client.
  2. On the SMS toolbar, navigate to the Devices.
  3. Select Virtual Segments from the navigation menu.

TIP: For better management, you may want to create a unique segment group prior to creating a new virtual segment.

 


How To: Create a Virtual Segment

  1. To create a virtual segment do one of the following:
    • Click New.
    • Right-click and select New.
    • On the top menu select File -> New ->Virtual Segment.
  2. For the Name & Traffic Criteria screen, complete the following description entries for the virtual segment.
    • Name - must be unique among all existing virtual segments
    • Description - a brief explanation about the virtual segment
  3. Complete any of the following criteria you want to use to define the traffic for the virtual segment:
    • VLAN- can be one or more comma-separated VLAN IDs or a Named Resource.
    • Source IP Address - can be one or more comma-separated CIDRs or a Named Resource. Ranged-based Named Resources is not supported.
    • Destination IP Address - can be one or more comma-separated CIDRs or a Named Resource. Ranged-based Named Resources is not supported.
  4. From the left navigational menu, select Physical Segments.
  5. Select one or more physical segments from the Physical Segments list that you want to assign to the virtual segment.
  6. Select Validation Report from the left navigations menu to view the results of the validation check. For complete report details, select an entry in the Validation Report table.
  7. Click OK to create the new segment.
  8. When the Segment Group Membership dialog box displays, select a group for this virtual segment. If no custom segment groups have been created, the virtual segment is automatically assigned to the default segment group.
  9. Click OK to save the settings.

How To: Edit a Virtual Segment

  1. To edit a virtual segment do one of the following:
    • Highlight the desired segment and click Edit.
    • Highlight the desired segment, right-click and select Edit.
    • Highlight the desired segment and on the top menu select Edit->Virtual Segment.
    • Double-click the desired segment.
  2. For the Name & Traffic Criteria screen, make any needed changes to the following description entries for the virtual segment.
    • Name - must be unique among all existing virtual segments
    • Description - a brief explanation about the virtual segment
  3. Make any needed changes to the following criteria you want to use to define the traffic for the virtual segment:
    • VLAN- can be one or more comma-separated VLAN IDs or a Named Resource.
    • Source IP Address - can be one or more comma-separated CIDRs or a Named Resource. Ranged-based Named Resources is not supported.
    • Destination IP Address - can be one or more comma-separated CIDRs or a Named Resource. Ranged-based Named Resources is not supported.
  4. Select Physical Segments from the left navigational menu to make changes to the physical segments.
    • Select one or more physical segments from the Physical Segments list that you want to assign to the virtual segment.
  5. Select Validation Report from the left navigations menu to view the results of the validation check.
    • For complete report details, select an entry in the Validation Report table.
    • Click Details.
  6. Click OK to save the new settings.

How To: Reorder a Virtual Segment

Note: The ANY-ANY segment is not in the virtual segment list. It can exist or be deleted. The priority order for traffic matching on an IPS device is virtual segment, physical segment, and then the ANY-ANY segment.

  1. Select a virtual segment and do one of the following:
  2. Click Reorder or right-click and select Reorder.
  3. Click the appropriate button:
    • Move Up
    • Move Down
  4. To save the new order, do one of the following:
    • Click Apply.
    • Right-click and select Apply.

How To: Delete a Virtual Segment

  1. In the Virtual Segments table, select a virtual segment entry.
  2. Do one of the following:
    • Highlight desired segment and click Delete.
    • Highlight desired segment, right-click and select Delete.
    • On the top menu bar, select the Edit -> Delete menu item.
  3. The Confirm Delete dialog box displays.
  4. Click Yes.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000087450
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.