Hyperscale firewall GUI changes
A hyperscale firewall VDOM has the following GUI changes:
Firewall policies include hyperscale options
To add a hyperscale firewall policy, go to Policy & Objects > Firewall Policy and select Create New and configure the hyperscale firewall policy as required.
IPv4 and NAT64 NAT hyperscale firewall policies can include CGN resource allocation IP Pools and other CGN options.
You can select Log Hyperscale SPU Offload Traffic to enable hyperscale firewall logging for all of the traffic accepted by the policy that is offloaded to NP7 processors.
Firewall policies in Hyperscale VDOMs do not support UTM or NGFW features.
The number of firewall policies that can be added to a hyperscale firewall VDOM is limited to 15,000. For more information, see About the 15,000 policy per hyperscale VDOM limit. |
CGN and hardware logging options in a hyperscale firewall policy
IPv4 CGN resource allocation IP pools and groups
You can configure CGN resource allocation IP pools to add carrier grade NAT features to IPv4 or NAT64 hyperscale firewall policies. Go to Policy & Objects > IP Pools, select Create New > IP Pool, and set IP Pool Type to IPv4 IP Pool. Then set Type to CGN Resource Allocation and select a Mode.
You can also create CGN IP pool groups by going to Create New > CGN IP Pool Group.
Hyperscale hardware logging servers
You can set up multiple hyperscale hardware logging servers and add them to server groups. This is a global feature and all hyperscale VDOMs can use these globally configured servers. To configure hardware logging, from the Global GUI, go to Log & Report > Hyperscale SPU Offload Log Settings.