Cisco Cisco Firepower Management Center 2000 Guía De Instalación
2-2
Cisco NGIPS for Blue Coat X-Series Installation and Configuration Guide
Chapter 2 Understanding Deployment
Understanding VAPs and VAP Groups
•
For passive deployments, create monitor (tap) circuits to ensure that a copy of the network traffic is
sent to the VAP group for analysis.
sent to the VAP group for analysis.
•
For inline deployments, create template (bridge) circuits and child circuits to provide logical
connections through a VAP group and between network interfaces.
connections through a VAP group and between network interfaces.
For more information on configuring and associating X-Series circuits for use in a Cisco NGIPS for Blue
Coat X-Series installation, see
Coat X-Series installation, see
,
Understanding VAPs and VAP Groups
Cisco NGIPS for Blue Coat X-Series uses Virtual Appliance Processors (VAPs) and VAP groups hosted
on Application Processor Modules (APMs) on blades of the X-Series platform, as described below:
on Application Processor Modules (APMs) on blades of the X-Series platform, as described below:
•
The X-Series platform can host one or more blades (APMs).
•
Each APM can host one VAP.
•
Each VAP can run one installation of Cisco NGIPS for Blue Coat X-Series.
•
Each VAP functions like a managed device in the FireSIGHT System, and appears on its managing
Defense Center as a device.
Defense Center as a device.
•
A VAP group is a combination of VAPs, similar to physical device clustering, configured through
the X-Series command line interface (CLI).
the X-Series command line interface (CLI).
When you install Cisco NGIPS for Blue Coat X-Series on a VAP, the name you give to the VAP appears
on the Defense Center web interface as the name of the device.
on the Defense Center web interface as the name of the device.
In the following diagram, three APMs (
APM1
,
APM2
, and
APM3
) each host one installation of Cisco NGIPS
for Blue Coat X-Series on each VAP (
VAP1
,
VAP2
, and
VAP3
). These three APMs are configured as a single
VAP group (
Cisco NGIPS for Blue Coat X-Series VAP Group
). In the Defense Center web interface,
each VAP appears as a separate software device that you must add and configure individually.
If you use a device group on the FireSIGHT System, you can create a VAP group that parallels the
structure of the device group. Use the same or similar names for VAP groups and their corresponding
device groups to make management easier.
structure of the device group. Use the same or similar names for VAP groups and their corresponding
device groups to make management easier.