How To: Add virtual (alias) IPs to Sentry

Adding additional virtual IPs is very easy. In fact, with the Sentry appliances there is nothing you need to add in the network settings. All you need to do is build your listener policy with the IP you want to use. Sentry will then automatically add the IP alias to the WAN or LAN, depending on the subnet. You can then confirm the listening IPs with the following CLI commands:

show connections
show listeners
show ifconfig

The Sentry software instances run on a host OS. To build a listener using a different IP on a software instance, you need to ensure the IP exists within the host OS first. This is all managed outside of Sentry.


An important note on IP conflicts:

When your listener policies use the WAN (device) IP, you can use the "use device IP" check box on the listener policy to help avoid IP conflicts when transferring / exporting / importing configurations. This option is not available when your listener is using a different IP. If you transfer a listener that uses an alias IP, it will come up on the target system with that same alias IP, causing an IP conflict. To avoid this, you can use the Agent override settings so that when the policy is transferred via GDM it comes up with the correct IP on the target system. Alternatively, you can disable the listener before export / transfer; it will still be disabled when it imports, giving you a chance to manually change the IP before you enable it.

When using multiple IPs, the main thing to watch for is IP conflicts when sharing policies across multiple Sentry instances.
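
A pre-transfer check for the conflict described above, as an added example that is not Forum Sentry code or part of the original article. The inventory format, instance names, policy names and addresses are constructed for illustration; the script flags alias IPs enabled on more than one instance and shows which subnet (WAN or LAN) each listener IP falls in.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data in a hypothetical format (not a Sentry export).
INTERFACES = {
    "sentry-a": {"WAN": "192.0.2.10/24", "LAN": "10.0.0.10/24"},
    "sentry-b": {"WAN": "192.0.2.11/24", "LAN": "10.0.0.11/24"},
}
LISTENERS = [
    # (instance, policy, listener IP, enabled, "use device IP" checked)
    ("sentry-a", "public-https", "192.0.2.10", True, True),
    ("sentry-b", "public-https", "192.0.2.10", True, True),    # transferred copy
    ("sentry-a", "partner-api", "192.0.2.50", True, False),    # alias IP
    ("sentry-b", "partner-api", "192.0.2.50", True, False),    # same alias after transfer
    ("sentry-a", "internal-soap", "10.0.0.77", True, False),
    ("sentry-b", "internal-soap", "10.0.0.77", False, False),  # disabled before transfer
]


def interface_for(instance, ip):
    """Return the interface (WAN or LAN) whose subnet contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in INTERFACES[instance].items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None


def find_conflicts(listeners):
    """Map each alias IP to the instances where it is enabled on more than one."""
    active = defaultdict(set)
    for instance, _policy, ip, enabled, use_device_ip in listeners:
        # "Use device IP" listeners follow each device's own address, and
        # disabled listeners are skipped (the workaround described above).
        if enabled and not use_device_ip:
            active[ip].add(instance)
    return {ip: sorted(insts) for ip, insts in active.items() if len(insts) > 1}


if __name__ == "__main__":
    for ip, instances in find_conflicts(LISTENERS).items():
        print(f"CONFLICT {ip}: enabled on {', '.join(instances)}")
    for instance, policy, ip, *_ in LISTENERS:
        where = interface_for(instance, ip) or "no matching subnet"
        print(f"{instance} {policy} {ip} -> {where}")
```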
