vShield Edge provides features such a firewall, NAT, DHCP and load balancing.
Deploying a vShield Edge instance is pretty simple!
Before doing so you must have vShield Manager installed and licensed (this is now all under one product called vCloud Networking and Security in the latest 5.x versions).
You can confirm this checking the licensing section and also that vShield shows in the solutions section of vSphere client.
Also see here.. vCloud Networking and Security - Installing vShield Manager 5.1. Once you are at this stage you can proceed.
1. Login to vCenter server with the vSphere Client
2. Click on your datacenter object and select the Network Virtualisation tab
3. Click the plus (+) to add an Edge device
4. Enter a name and hostname in the "Add Edge" dialog.
5. Enter credentials for the actual Edge device CLI
6. Select the appliance size
If you are testing select compact, if you are in production select Large or X-Large (but this does not support SSLVPN).
Tick "Enable auto rule generation"
7. Enter an IP for the Edge device (aka gateway) management interface
Select the vNIC, enter the IP and mask.
8. Enter the default gateway IP and vNic used for the default gateway.
9. Decide whether to enable the default firewall poicy and its configuration.
Tick "Enable Firewall default policy"
Select Accept for Default traffic policy
Select disable for logging
10. Review the summary of configuration is correct.
Click Finish to install the Edge gateway.
Note: I found in the logs that the vShield Manager VM requires access to the ESXi host on port 902 to check if the VM has been deployed. Otherwise it failed. (this was not in VMware's port list!)
11. Your Edge gateway is now deployed.
You can now proceed to configure features such as load balancing (this is being covered in the next article).
Share this blog post on social media:Tweet
All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.