To view and modify host configuration through the Cloud Services Portal, complete the following:

Note

You can also modify on-prem host configuration using one of the following:

  1. From the Cloud Services Portal, click Manage -> On-Prem Hosts.

  2. Select the on-prem host that you want to modify, right-click the Action icon, and then click Edit. You can also select the host check box and click Edit at the top of the page.

  3. On the edit page, you can review and modify the following information:

Note

When you add or modify any of the following settings, services on your on-prem host will restart after you save the configuration. You might experience a minor outage when the services restart. In addition, if the new configuration is invalid, the BloxOne service reverts to the previous configuration after a few minutes. For example, if you make a typo while changing the IP address of an interface, the IP address becomes invalid and the BloxOne service reverts to the previous IP address to ensure that the on-prem host is still operational. This validation process happens in the background and does not affect any operations on your on-prem host.

    • Applications & Services: You can view the licenses and enable or disable services that are applicable to the host.
      • SERVICE: This column lists the services associated with the host and their current states. You can use the service slider to enable or disable the applicable services. All services are disabled by default when you initially deploy the host.
      • LICENSE: This column lists the licenses for the host. You cannot modify this.
      • STATE: This column lists the current state of the service. This can be Enabled or Disabled.
    • IP Interface Settings: This section lists information about network interfaces for the on-prem host, if applicable. You can select the Default IP Interface from the list of available interfaces. The default interface is the interface configured as primary/default gateway on the on-prem host when there are multiple interfaces available. The default interface is auto-discovered for an on-prem host. You can change the default interface if another network needs to be configured as the default gateway, for example, to handle WAN traffic. Changing the default interface may lead to a loss of connectivity if a proper route is not set for the network. If a loss of connectivity occurs, the configuration is reverted to the previous one to restore connectivity. You can also modify the network configuration for physical appliances or virtual appliances that were deployed through OVA deployments using the downloaded Infoblox image. If you have configured multiple network interfaces on your Kubernetes-based on-prem hosts, all the Ethernet ports are displayed in this section. For information about using multiple ports, see Multiple Network Interfaces for On-Prem Hosts.

      Note

      You can configure IPv4-only or IPv4/IPv6 dual-stack networks for an on-prem host. However, IPv4/IPv6 dual-stack networks are not supported if you plan to enable DNS or DHCP services on the on-prem host.

      To modify network configuration, select the network interface from the list and click Edit. Configure settings in the Edit IP Interface Settings section, and then click Save & Close.

      • NETWORK INTERFACE: Displays the name of the Ethernet ports on the appliance, such as enp1s0 or enp2s0. All network interfaces you have configured appear in the table.

        Note

        You can configure up to two network interfaces for the same network gateway.
      • INTERFACE TYPE: Displays whether the network interface is WAN or LAN based on your deployment. Note that you can configure a WAN interface for DHCP or Static, but you can configure LAN as Static only.

        Note

        You cannot change the interface type from WAN to LAN and vice versa if the interface is set as the default IP interface. To change the interface type, you must first remove the default interface status for the interface, toggle the interface type, and then assign the interface as the default IP interface again.


      • IPv4 MTU: Enter the maximum transmission unit for the IPv4 network, which is the size of the largest protocol data unit that can be communicated in a single network layer transaction. Valid values are from 576 to 9000. The default value is 1500.  

        Important

        If you are configuring a dual-stack network for the on-prem host, the minimum MTU value for the IPv4 address must be set to 1280. Otherwise, the IPv6 address will not be functional.
      • IPv4 NETWORK MODE: Displays whether the IPv4 interface is being configured for DHCP or Static. When configured for DHCP, the IP address is dynamically assigned, so you cannot modify the IP address associated with the interface. When configured as Static, you must assign a valid IPv4 address for the interface.
      • IPv4 ADDRESS: The IPv4 address associated with the interface.
      • Default Gateway: Displays the gateway for the interface.

        Note

        Each IPv4 gateway supports up to two network interfaces. If you configure more than two network interfaces for the same gateway, the gateway address will not be displayed for those interfaces.

      • IPv4 CIDR: The netmask for the IPv4 address.
      • IPv6 MTU: Enter the maximum transmission unit for the IPv6 network, which is the size of the largest protocol data unit that can be communicated in a single network layer transaction. Valid values are from 1280 to 9000. The default value is 1500.

        Important

        If you are configuring a dual-stack network for the on-prem host, the minimum MTU value for the IPv4 address must be set to 1280. Otherwise, the IPv6 address will not be functional.


      • IPv6 NETWORK MODE: Displays whether the IPv6 interface is being configured as DHCP, RA, Auto Select, or Static.
        • DHCP: When configured for DHCP, the IP address is dynamically assigned by the DHCP server, so you cannot modify the IP address associated with the interface.
        • RA: When configured as router advertisements, the on-prem host in your IPv6 network auto-generates a link-local address to communicate with other hosts or neighbors on the same network.
        • Auto Select: When configured as Auto Select, the system selects the best way to obtain an IPv6 address for the on-prem host.
        • Static: When configured as Static, you have manually assigned a valid IPv6 address, CIDR, and gateway for the on-prem host.
      • IPv6 ADDRESS: The IP address associated with the interface.
      • Default IPv6 Gateway: The default gateway for the IPv6 interface.
      • IPv6 CIDR: The CIDR for the IPv6 address.
      • Interface State: Toggle to enable or disable the network interface. When you disable the network interface, it will not be in use, but the configuration stays intact.
      • Enable Service Traffic: Displays whether the BloxOne service is enabled on all IP interfaces or only on LAN.
        • On all IP Interfaces: This indicates that BloxOne services are enabled on all IP interfaces for this on-prem host.
        • LAN: This indicates the BloxOne services are enabled only on LAN for this on-prem host.
    • DNS Local Resolver IP Settings: This section displays the IP addresses of the local DNS resolver. You can also add a new resolver or delete an existing one.

      Note

      When you add and use a new DNS resolver, the on-prem host uses the new resolver and the default settings will not be retained.
    • Time Settings: In this section, you can set the time zone for the on-prem host, and add or remove NTP server(s) that your on-prem host uses to synchronize time. When you set the time zone for an on-prem host, the time zone information appears in the details panel of the Cloud Services Portal. Setting the time zone is useful if you want to set up a maintenance window through the Cloud Services Portal.

      Note

      When you add and use a new NTP server, the on-prem host uses the new NTP server and the default settings will not be retained.


      If you select the Sync with ESXi check box for an on-prem host deployed through OVA on ESXi servers, the list of NTP servers in the Time Settings section will not be used for the on-prem host. If desired, for OVA deployments on ESXi servers, you can enable the Synchronize guest time with host option during the deployment to synchronize your on-prem host with the NTP server. If you do not select the Synchronize guest time with host option (or if this option is disabled) during the deployment, the on-prem host synchronizes with the Ubuntu NTP servers: ntp.ubuntu.com and ubuntu.pool.ntp.org. If you choose to disable the Synchronize guest time with host option during the deployment and select the Sync with ESXi check box, ensure that you open the UDP 123 port for time synchronization with the Ubuntu NTP servers. For more information, see Synchronizing Time on the ESXi Servers.

    • Proxy Settings: This section displays the URL of the HTTPS proxy for the on-prem host if configured. You can specify the path for the CA certificate that BloxOne Threat Defense Cloud should use to authenticate the proxy. Note that the proxy setting is for web connection authentication only.
    • Docker Bridge Settings: This section displays the IP addresses of the Docker Bridge that are associated with the on-prem host. The settings affect only on-prem hosts deployed through Docker containers. You can add new IP addresses or remove existing ones for physical appliances as well as virtual appliances through OVA deployments using the downloaded Infoblox image. If all IP addresses are disabled, the Docker Bridge will default to 172.17.0.0/24.

      Note

      Ensure that you use an IP address for the Docker Bridge in a network no larger than a /24 subnet.

    • Kubernetes Bridge Settings: This section allows you to select the IP block or network CIDR ranges for your Kubernetes clusters and services. These settings affect only Kubernetes OVA deployments using the Infoblox image. You can also use the Device UI to configure the Kubernetes Bridge settings. For more information, see Troubleshooting On-Prem Hosts.

      Note

      If you want to reconnect a Kubernetes-based on-prem host that has already been disconnected AND you also want to change the Kubernetes CIDR settings, you must first reset the on-prem host before making the CIDR changes and reconnecting the host.

      • Cluster CIDR: Select one of the following to define the IP block for your Kubernetes cluster:
        • Use default: 10.42.0.0/16: Select this to use the displayed CIDR for your Kubernetes clusters.
        • Use custom: Select this and then enter a valid CIDR for your Kubernetes cluster.

          Note

          Ensure that you set the netmask to a network no larger than a /24 and that you have enough IP addresses for the pods in the cluster.

      • Service CIDR: Select one of the following to configure your Kubernetes services. A Service enables network access to a set of Pods in Kubernetes.
        • Use default: 10.43.0.0/16: Select this to use the displayed CIDR for your Kubernetes services.
        • Use custom: Select this and then enter a valid CIDR for your Kubernetes service.

          Note

          Ensure that you set the netmask to a network no larger than a /24 and that you have enough IP addresses for the services.

  4. Click Save & Close.
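
Because an invalid setting causes a service restart followed by a revert, it helps to check a planned change against the limits listed in step 3 before you save it. The following Python code is an added example, not Infoblox code and not part of the Cloud Services Portal; the dictionary keys, the validate_host function, and the sample values are assumptions made for illustration, and the gateway-in-subnet test is an extra sanity check that the list above does not state.

```python
import ipaddress
from collections import Counter

IPV4_MTU = (576, 9000)   # valid IPv4 MTU range stated on the page
IPV6_MTU = (1280, 9000)  # valid IPv6 MTU range stated on the page

def validate_host(interfaces, services=(), docker_bridge=None):
    """Return a list of problems in a proposed on-prem host configuration."""
    problems = []
    for i in interfaces:
        name, v6 = i["name"], i.get("ipv6_mode")
        # Dual-stack raises the IPv4 MTU floor to 1280 (applied per interface: assumption).
        low4 = 1280 if v6 else IPV4_MTU[0]
        if not low4 <= i.get("ipv4_mtu", 1500) <= IPV4_MTU[1]:
            problems.append(f"{name}: IPv4 MTU must be {low4}-{IPV4_MTU[1]}")
        if v6 and not IPV6_MTU[0] <= i.get("ipv6_mtu", 1500) <= IPV6_MTU[1]:
            problems.append(f"{name}: IPv6 MTU must be {IPV6_MTU[0]}-{IPV6_MTU[1]}")
        if i["type"] == "LAN" and i["ipv4_mode"] != "Static":
            problems.append(f"{name}: LAN interfaces can be Static only")
        if i["ipv4_mode"] == "Static":
            try:
                net = ipaddress.ip_interface(i["ipv4_address"]).network
                gw = i.get("gateway")
                # Added sanity check, not a rule from the page: gateway must be on-link.
                if gw and ipaddress.ip_address(gw) not in net:
                    problems.append(f"{name}: gateway {gw} is not in {net}")
            except (KeyError, ValueError) as exc:
                problems.append(f"{name}: invalid static IPv4 settings ({exc})")
    if any(i.get("ipv6_mode") for i in interfaces) and {"DNS", "DHCP"} & set(services):
        problems.append("dual-stack is not supported with DNS or DHCP enabled")
    per_gw = Counter(i["gateway"] for i in interfaces if i.get("gateway"))
    problems += [f"gateway {g}: {n} interfaces, at most two are supported"
                 for g, n in per_gw.items() if n > 2]
    if docker_bridge and ipaddress.ip_network(docker_bridge).prefixlen < 24:
        problems.append(f"Docker Bridge {docker_bridge} is larger than a /24")
    return problems

# Constructed sample input: a typo in the address, a low MTU, DHCP on a LAN port.
SAMPLE = [
    {"name": "enp1s0", "type": "WAN", "ipv4_mode": "DHCP"},
    {"name": "enp2s0", "type": "LAN", "ipv4_mode": "Static", "ipv4_mtu": 1000,
     "ipv4_address": "10.0.0.300/24", "gateway": "10.0.0.1", "ipv6_mode": "Static"},
    {"name": "enp3s0", "type": "LAN", "ipv4_mode": "DHCP"},
]

if __name__ == "__main__":
    for p in validate_host(SAMPLE, services=["DNS"], docker_bridge="172.18.0.0/16"):
        print("REJECT:", p)
```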


Note

Configuration generation versioning is an automatic feature that reduces service interruption downtime during upgrades by creating a local version of the configuration that is compatible with the upgraded software in advance, rather than rebuilding the configuration after the upgrade. This allows you to make configuration changes even when different versions of the on-prem hosts are running, a situation that can occur during upgrades. Compatible versions of the configuration will always be pushed to on-prem hosts, even if there are multiple versions of on-prem hosts running simultaneously.
