Citrix Systems 4.2 Switch User Manual


 
Changing the Network Offering on a Guest Network
81
Side by Side: In side by side mode, a firewall device is deployed in parallel with the load
balancer device. So the traffic to the load balancer public IP is not routed through the firewall,
and therefore, is exposed to the public network.
Associate Public IP: Select this option if you want to assign a public IP address to the VMs
deployed in the guest network. This option is available only if
Guest network is shared.
StaticNAT is enabled.
Elastic IP is enabled.
For information on Elastic IP, see Section 16.18, “About Elastic IP”.
Redundant router capability. Available only when Virtual Router is selected as the Source
NAT provider. Select this option if you want to use two virtual routers in the network for
uninterrupted connection: one operating as the master virtual router and the other as the
backup. The master virtual router receives requests from and sends responses to the user’s
VM. The backup virtual router is activated only when the master is down. After the failover, the
backup becomes the master virtual router. CloudPlatform deploys the routers on different hosts
to ensure reliability if one host is down.
Conserve mode. Indicate whether to use conserve mode. In this mode, network resources are
allocated only when the first virtual machine starts in the network. When conservative mode is
off, the public IP can only be used for a single service. For example, a public IP used for a port
forwarding rule cannot be used for defining other services, such as StaticNAT or load balancing.
When the conserve mode is on, you can define more than one service on the same public IP.
Note
If StaticNAT is enabled, irrespective of the status of the conserve mode, no port forwarding
or load balancing rule can be created for the IP. However, you can add the firewall rules by
using the createFirewallRule command.
Tags. Network tag to specify which physical network to use.
Default egress policy: Configure the default policy for firewall egress rule. Options are Allow
and Deny. Default is Allow if no egress policy is specified, which indicates that all the egress
traffic is accepted when a guest network is created from this offering.
To block the egress traffic for a guest network, select Deny. In this case, when you configure an
egress rules for an isolated guest network, rules are added to allow the specified traffic.
6. Click Add.
10.5.2. Changing the Network Offering on a Guest Network
A user or administrator can change the network offering that is associated with an existing guest
network.
1. Log in to the CloudPlatform UI as an administrator or end user.