Need some clarification on Virtual IPs and how they relate to rules.
-
Let's say I have the following virtual IPs:
162.x.x.225/29 (vhid 1) - OUTSIDE - carp - OUTSIDE CARP IP (MGNT, OFFICE)
162.x.x.226/29 (vhid 2) - OUTSIDE - carp - OUTSIDE CARP IP (TENANT)
192.168.10.1/24 (vhid 3) - MGNT - carp - MGNT CARP IP
192.168.20.1/24 (vhid 4) - OFFICE - carp - OFFICE CARP IP
172.16.0.1/22 (vhid 5) - TENANT - carp - TENANT CARP IP
The first two are WAN (OUTSIDE) IPs that I use for assigning different subnets different public IP addresses. My Office and Management Network utilize the .225 address while the tenant network utilizes the .226 network. I just make these translations using NAT. Works great.
Now, here is where my confusion begins.
Does the "MGNT Address" alias that can be selected for source/destination also include any virtual IPs? So let's say on my tenant ruleset I include a block, Tenant Address dest, port 80, 443, and 22 (to block access to the webgui and ssh), will this also block traffic that is destined for the tenant carp ip (172.16.0.1)? The Tenant Address on the left box is 172.16.0.2 and the right box is 172.16.0.3.
-
The "XXXX address" macros only use the actual interface IP, not VIPs.
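To make the reply concrete, here is an added Python simulation (not pfSense code and not from either poster) of first-match rule evaluation where the "<IFACE> address" macro expands to the interface IP only, as the reply states. The addresses mirror the question and the alias name TENANT_FW_IPS is a constructed placeholder.

```python
import ipaddress

# Constructed lab data mirroring the question (placeholders, not a real deployment).
INTERFACE_IP = {"TENANT": "172.16.0.2"}            # this node's own TENANT interface address
PEER_IP      = {"TENANT": "172.16.0.3"}            # the other node's TENANT interface address
CARP_VIP     = {"TENANT": "172.16.0.1"}            # shared CARP VIP on TENANT (vhid 5)
ALIASES      = {}                                  # user-defined aliases: name -> list of IPs/CIDRs
MGMT_PORTS   = {22, 80, 443}                       # ssh + webgui ports from the question

def expand_target(spec):
    """Expand a rule source/destination into a list of networks.
    A '<IFACE> address' macro expands to the interface IP only, never to VIPs."""
    if spec.endswith(" address"):
        return [ipaddress.ip_network(INTERFACE_IP[spec[:-len(" address")]])]
    if spec in ALIASES:
        return [ipaddress.ip_network(n) for n in ALIASES[spec]]
    return [ipaddress.ip_network(spec)]

def first_match(rules, dst_ip, dst_port):
    """First-match evaluation: return the action of the first rule whose
    destination and port match, or 'pass' if no rule matches."""
    ip = ipaddress.ip_address(dst_ip)
    for action, dst, ports in rules:
        if dst_port in ports and any(ip in net for net in expand_target(dst)):
            return action
    return "pass"

def block_via_macro(dst_ip, port=443):
    """The rule from the question: block traffic to 'TENANT address' on mgmt ports."""
    rules = [("block", "TENANT address", MGMT_PORTS)]
    return first_match(rules, dst_ip, port)

def block_via_alias(dst_ip, port=443):
    """Hardened variant: an alias listing both nodes' interface IPs and the CARP VIP,
    so the synced rule covers the VIP on whichever node is master."""
    ALIASES["TENANT_FW_IPS"] = [INTERFACE_IP["TENANT"], PEER_IP["TENANT"], CARP_VIP["TENANT"]]
    rules = [("block", "TENANT_FW_IPS", MGMT_PORTS)]
    return first_match(rules, dst_ip, port)

if __name__ == "__main__":
    for ip in (INTERFACE_IP["TENANT"], CARP_VIP["TENANT"]):
        print(f"{ip}:443  macro rule -> {block_via_macro(ip)}   alias rule -> {block_via_alias(ip)}")
```

Running it shows the macro rule blocks 172.16.0.2:443 but passes 172.16.0.1:443, while the alias rule blocks both.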