Network Requirements
To enable the flow of traffic between the components and the monitoring tools, your VNets and VMs should meet the following requirements:
• Subnets for VNet
• Network Interfaces (NICs) for VMs
Subnets for VNet
Table 1: Types of Subnets lists the two recommended subnets that your VNet must have to configure the GigaSECURE® Cloud components in Azure.
| Subnet | Description |
|---|---|
| Management Subnet | Subnet that GigaVUE-FM uses to communicate with the GigaVUE V Series nodes and controllers. |
| Data Subnet | A data subnet can accept incoming mirrored traffic from agents to the GigaVUE V Series nodes, or be used to egress traffic from the GigaVUE V Series nodes to a tool. |

Note: If you are using a single subnet, the Management subnet is also used as the Data Subnet.
Network Interfaces (NICs) for VMs
For G-vTAP agents to mirror the traffic from the VMs, you must configure one or more Network Interfaces (NICs) on the VMs.
• Single NIC: If only one interface is configured on the VM with the G-vTAP agent, the G-vTAP agent sends the mirrored traffic out using that same interface.
• Multiple NICs: If two or more interfaces are configured on the VM with the G-vTAP agent, the G-vTAP agent can monitor any number of interfaces and has the option to send the mirrored traffic out using any one of them, or using a separate, non-monitored interface.
Network Security Groups
A network security group defines the virtual firewall rules for your VM to control inbound and outbound traffic. When you launch GigaVUE-FM, GigaVUE V Series Controllers, GigaVUE V Series nodes, and G-vTAP Controllers in your VNet, you add rules that control the inbound traffic to VMs, and a separate set of rules that control the outbound traffic.
It is recommended to create a separate security group for each component using the rules and port numbers listed in Table 2: Security Group Rules.
| Component | Direction | Type | Protocol | Port Range | Source | CIDR, IP, or Security Group | Purpose |
|---|---|---|---|---|---|---|---|
| GigaVUE-FM Inside Azure | Inbound | HTTPS | TCP(6) | 443 | Anywhere | Any IP | Allows G-vTAP Controllers, GigaVUE V Series Controllers, and GigaVUE-FM administrators to communicate with GigaVUE-FM |
| G-vTAP Controller | Inbound | Custom TCP Rule | TCP | 9900 | Custom | GigaVUE-FM IP | Allows GigaVUE-FM to communicate with G-vTAP Controllers |
| G-vTAP Agent | Inbound | Custom TCP Rule | TCP | 9901 | Custom | G-vTAP Controller IP | Allows G-vTAP Controllers to communicate with G-vTAP agents |
| GigaVUE V Series Controller | Inbound | Custom TCP Rule | TCP | 9902 | Custom | GigaVUE-FM IP | Allows GigaVUE-FM to communicate with GigaVUE V Series Controllers |
| GigaVUE V Series node | Inbound | Custom TCP Rule | TCP | 9903 | Custom | GigaVUE V Series Controller IP | Allows GigaVUE V Series Controllers to communicate with GigaVUE V Series nodes |
| VXLAN Traffic | Inbound | Custom UDP Rule | VXLAN | 4789 | | | Allows mirrored traffic from G-vTAP agents to be sent to GigaVUE V Series nodes using a VXLAN tunnel; allows monitored traffic to be sent from GigaVUE V Series nodes to the tools using a VXLAN tunnel |
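As an added example (not Gigamon's code or documentation), the Python below turns the Table 2 port matrix into Azure NSG `securityRules` entries for one component and lists any rule whose source is Anywhere, so the GigaVUE-FM 443 rule can be reviewed before deployment. The IP addresses, rule names and the `fm`/`gvtap_controller`/`vseries_controller`/`data_subnet` keys are assumed placeholders, and the VXLAN rule's source, which Table 2 leaves blank, is assumed here to be the Data Subnet CIDR.

```python
"""Build Azure NSG rule definitions from the Table 2 port matrix (added example).

Assumption: the field names below (protocol, destinationPortRange,
sourceAddressPrefix, priority, ...) are the standard properties of a
Microsoft.Network/networkSecurityGroups securityRules entry. Addresses are
constructed placeholders supplied by the caller.
"""
import json
from typing import Dict, List

# One entry per Table 2 row: (rule name, protocol, port, source key, purpose).
# A source key of "*" means Anywhere; other keys are looked up in `addresses`.
RULE_TABLE = {
    "GigaVUE-FM": [("https-in", "Tcp", 443, "*", "Controllers and admins to GigaVUE-FM")],
    "G-vTAP Controller": [("fm-in", "Tcp", 9900, "fm", "GigaVUE-FM to G-vTAP Controllers")],
    "G-vTAP Agent": [("gvtap-ctl-in", "Tcp", 9901, "gvtap_controller", "G-vTAP Controllers to agents")],
    "GigaVUE V Series Controller": [("fm-in", "Tcp", 9902, "fm", "GigaVUE-FM to V Series Controllers")],
    "GigaVUE V Series node": [
        ("vseries-ctl-in", "Tcp", 9903, "vseries_controller", "V Series Controllers to nodes"),
        # Table 2 leaves the VXLAN source blank; the Data Subnet CIDR is assumed here.
        ("vxlan-in", "Udp", 4789, "data_subnet", "VXLAN mirrored traffic from G-vTAP agents"),
    ],
}


def build_nsg_rules(component: str, addresses: Dict[str, str]) -> List[dict]:
    """Return ARM-style securityRules for one component's NSG, lowest priority first."""
    rules = []
    for i, (name, proto, port, src_key, purpose) in enumerate(RULE_TABLE[component]):
        source = "*" if src_key == "*" else addresses[src_key]
        rules.append({
            "name": name,
            "properties": {
                "description": purpose,
                "direction": "Inbound",
                "access": "Allow",
                "priority": 100 + 10 * i,  # Azure evaluates the lowest number first
                "protocol": proto,
                "sourcePortRange": "*",
                "destinationPortRange": str(port),
                "sourceAddressPrefix": source,
                "destinationAddressPrefix": "*",
            },
        })
    return rules


def open_to_internet(rules: List[dict]) -> List[str]:
    """Names of rules that admit any source; these deserve a second look."""
    return [r["name"] for r in rules
            if r["properties"]["sourceAddressPrefix"] in ("*", "Internet", "0.0.0.0/0")]


if __name__ == "__main__":
    nodes = build_nsg_rules("GigaVUE V Series node",
                            {"vseries_controller": "10.0.1.5", "data_subnet": "10.0.2.0/24"})
    print(json.dumps(nodes, indent=2))
    print("open to Anywhere:", open_to_internet(build_nsg_rules("GigaVUE-FM", {})))
```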