Deployment: Network Interface

All modes need the relevant network interface settings configured. Some modes require slightly different information than other modes. The following procedures call out the different settings needed.

Network interface settings include:

Host Information
Data Interface Settings
Management Interface Settings
Miscellaneous Settings

Host Information

All modes require the host information to be entered. Before starting this procedure, be sure you have:

Selected your deployment mode
Configured any mode-specific settings

To enter the host information:

Using the Deployment Wizard, select the appropriate deployment mode radio button and click Next.
Set any mode-specific settings and click Next.
Type the applicable Fully Qualified Domain name (FQDN) for the IWSVA host.
Note: A fully qualified hostname is required. Trend Micro recommends creating a DNS entry for the IWSVA server's hostname in their DNS server.

Continue to the section about the Interface Status.

Interface Status

IWSVA provides a graphical representation of the physical Ethernet ports on the IWSVA server to simplify the configuration of the network ports. The Interface Status graphic shows the status and function of the available interfaces.

Use the following table to interpret the status and function of the Ethernet ports used for configuration purposes in the Interface Status section.

	Link not detected. Could be an empty port, cable may be loose or broken, or the peer machine may be down.
	Link ok
	Link error
	Link disabled
M	Management interface
D	Data interface
H	HA (or Heartbeart) Interface

Data Interface

The Data Interface supports end-user Internet traffic to and from the internal network. Use the following procedure to configure the host name and IP settings for the data (bridge or proxy) interfaces.

Warning: Do NOT configure the data interface and the management interface in the same network subnet. If they are in the same network segment, the IWSVA internal firewall will prevent proper forwarding of HTTP and FTP traffic.

Before starting this procedure, be sure you have:

Selected your deployment mode
Configured any mode-specific settings
Configured the IWSVA host information

To configure the Data Interface settings:

Go to Administration > Deployment Wizard.
After selecting your deployment mode, click next, and configure any mode-specific settings, if necessary.
Click Next and configure the host information.
Click Next and go to the Network Interface page.
Enter a host name for IWSVA and click Next.
Configure the Data interface.

All modes except Transparent Bridge mode: Select the appropriate Ethernet port from the Ethernet Interface drop-down list for the data interface. The dynamic Interface Status graphic displays your selection.
Transparent Bridge Mode only: Select the appropriate Ethernet ports from the drop-down lists for the Internal and External interfaces. The Interface Status graphic displays your selection.
Select the IP address type from the drop-down list:

Static IP address - to configure IP settings for the interface manually.
Dynamic IP address (DHCP) - to have a DHCP server assign IP settings to the interface.

Note: The Ethernet Interface for the Transparent Bridge mode is predetermined.

Enter the IP address and Netmask.

Transparent Bridge Mode and Transparent Bridge Mode HA only: Click the check box to enable the VLAN ID (1-4094).
Check the check box to Enable STP. (HA mode only.)
Tip: Enabling STP allows IWSVA to prevent possible network loops in HA mode if the heartbeat signal is lost. Trend Micro recommends enabling RSTP on upstream and downstream switches. Disable this setting for quicker network convergence.
Check the Enable Ping check box to check the connection. Select this option to respond to PING requests. Disable this option if you do not want this interface tp be pinged. MORE>>

Activate PING on an interface allows you to issue PING commands to check the network status of the IWSVA appliance. For example, if there is no reply from IWSVA after a PING request, the appliance may be down or there is a problem with network connection.
Do one of the following:
Continue with the deployment mode settings, if you are setting up IWSVA for the first time or
Click Next and click through the remaining screens if you have already setup your deployment mode and are just modifying the data interface.

Separate Management Interface

The separate management interface offers administrators an independent interface to log in to the IWSVA device, either through the Web console or through SSH.

Enabling and disabling the separate management interface is done by setting the values and enabling them through the Network Settings page of the Deployment Wizard. For more information, see Management Interface.

Before starting this procedure, be sure you have:

Selected your deployment mode
Configured any mode-specific settings
Configured the IWSVA host information
Configured the Data Interface information

To setup the separate management interface:

Continue working from the Network Interface page of the Deployment Wizard.
Check the check box for the Enable Management Interface.
Select an Ethernet interface from the drop-down list.
Check the Enable Ping check box to check the connection. Select this option to respond to PING requests on the data interface. Disable this option if you do not want anyone to PING this interface. MORE>>

Activate PING on an interface allows you to issue PING commands to check the network status of the IWSVA appliance. For example, if there is no reply from IWSVA after a PING request, the appliance may be down or there is a problem with network connection.
Enter a static IP address for the management interface device.
Enter the netmask (subnet mask) for the management interface device.
Do one of the following:
Continue with the deployment mode settings, if you are setting up IWSVA for the first time or
Click Next and click through the remaining screens if you have already setup your deployment mode and are just adding the separate management interface.

Miscellaneous Settings

The Miscellaneous Settings allow you to obtain the dynamic information from DHCP or enter static information for:

Gateway IP address
Primary DNS server IP address
Secondary DNS server IP address

Before starting this procedure, be sure you have:

Selected your deployment mode
Configured any mode-specific settings
Configured the IWSVA host information
Configured data and management interface information

To configure the Miscellaneous settings:

Continue working from the Network Interface page of the Deployment Wizard.
Scroll to the Miscellaneous Setting section.
Do one of the following:
Check the Obtain from DHCP check box to have IWSVA obtain the dynamic Gateway, Primary, and Secondary DNS information OR
Type in the Gateway, Primary, and Secondary DNS information if it is static

Parameter	Description
Gateway	For static IP address configuration of the network device, type in the applicable IP address used as the gateway for this IWSVA installation.
Primary DNS	For static IP address configuration of the network device, type in the applicable IP address used as the primary DNS server for this IWSVA installation
Secondary DNS	For static IP address configuration of the network device, type in the applicable IP address used as the secondary DNS server for this IWSVA installation.

Click Next.
Continue to Static Routes.
Note: If you are joining an existing cluster, go to Summary.