Configure Resources in VMware ESXi

To achieve the expected performance and scalability for your FireboxV or XTMv virtual machine, configure the recommended resources for the licensed device model.

You can also allocate additional network adapters, up to a total of 10, that correspond to interfaces 0–9 in the Fireware configuration.

Add Network Adapters

Before you ran the Web Setup Wizard to configure the FireboxV or XTMv virtual machine, you added two virtual network adapters for the default external and trusted network interfaces. Before you can configure other network interfaces in the Fireware network configuration, you must add network adapters to the virtual machine. All FireboxV and XTMv models support a maximum of 10 interfaces.

You must configure the ESXi MAC addresses in increasing order by the ESXi interface number. This ensures that the Firebox interfaces correspond to the ESXi interfaces as follows:

FireboxV or XTMv Interface ESXi Interface ESXi Interface MAC Address
eth0 1 22:22:22:22:22:20
eth1 2 22:22:22:22:22:21
eth2 3 22:22:22:22:22:22
eth3 4 22:22:22:22:22:23

You must add adapters to the FireboxV or XTMv virtual machine before the adapters are configurable in Fireware Web UI or Policy Manager. For example, if you add only two virtual adapters to a FireboxV device, the Fireware Web UI shows only two configurable interfaces for that device.

To add a network adapter, in the ESXi Host Client:

  1. Select Navigator > Virtual Machines.
  2. From the right pane, in the Virtual Machine list, select and power off the virtual machine.
  3. Right-click the virtual machine and select Edit settings.
  4. On the Virtual Hardware tab, click Add network adapter.
  5. Expand New Network Adapter.
  6. From the Adapter Type drop-down list, select VMXNET3.

To add another network adapter, repeat these steps. You can add up to a total of 10 network adapters.

For the best network performance and stability, we recommend that you choose a vmxnet3 virtual network adapter for each Firebox interface. Do not use a e1000 virtual network adapter.

For information about how use another VMware client to add a network adapter to a virtual machine, see the documentation for the VMware client you use.

Configure the Virtual Switch

To work correctly, these Fireware networking features require that you configure the virtual switch (vSwitch) on your network in promiscuous mode:

  • Drop-in mode network configuration
  • Network/LAN bridge
  • Mobile VPN with SSL with the Routed VPN Traffic setting
  • FireCluster management interface

You configure promiscuous mode in the vSwitch security properties.

For information about how to enable promiscuous mode on the vSwitch, see the documentation for the VMware client you use.

To use multiple VLANs on a single interface on a FireboxV or XTMv device in an ESXi environment, configure the vSwitch for the VLAN interface to use VLAN ID 4095 (All).

vSwitch Configuration for FireCluster

To configure an active/passive FireCluster in an ESXi environment, you must enable promiscuous mode on the vSwitch that connects to the FireCluster management interface. You must configure the vSwitch that connects to a FireCluster external interface to accept MAC address changes.

For information about how to configure the vSwitch, see the documentation for the VMware client you use.

For more information about FireCluster on FireboxV or XTMv, go to Configure a FireCluster on VMware ESXi.

Add Virtual Processors

By default, a FireboxV or XTMv virtual machine is allocated one virtual CPU. For optimal performance, configure the virtual machine to use the maximum number of CPUs your FireboxV model supports. You must do this while the virtual machine is not started. You can do this step before or after you run the Web Setup Wizard.

To add a virtual processor, from the ESXi Host Client:

  1. Select Navigator > Virtual Machines.
  2. From the right pane, in the Virtual Machine list, select and power off the virtual machine.
  3. Right-click the virtual machine and select Edit settings.
  4. On the Virtual Hardware tab, expand CPU.
  5. Select the number of CPUs supported or recommended for your FireboxV or XTMv model.

If you add more virtual processors than your FireboxV model supports, FireboxV does not use the additional processors.

For information about how use another VMware client to add vCPUs, see the documentation for the VMware client you use.

Configure Memory Resources

By default a FireboxV or XTMv virtual machine is allocated 1 GB of memory. For optimal performance, configure the virtual machine to use the recommended memory resources for your FireboxV or XTMv model.

To configure memory resources:

  1. Select Navigator > Virtual Machines.
  2. From the right pane, in the Virtual Machine list, select and power off the virtual machine.
  3. Right-click the virtual machine and select Edit settings.
  4. On the Virtual Hardware tab, expand Memory.
  5. In the RAM text box, type the amount of RAM to assign to the virtual machine or select one of the suggested values from the drop-down list. Select the amount of memory recommended for your FireboxV or XTMv model.

For information about how use another VMware client to configure memory resources, see the documentation for the VMware client you use.

Configure Other VMware ESXi Options

The configuration options in this topic are only necessary for specific Fireware features on a FireboxV or XTMv deployed on VMware ESXi.

USB Drive

To use a USB drive for system backup and restore, you must connect the USB drive to the server where your ESXi host is installed. Then you must add the USB device to the FireboxV virtual machine. You can add a USB drive for only one FireboxV or XTMv virtual machine at a time.

For information about how to add a USB device to a virtual machine, see the documentation for the VMware client you use.

Serial Port

You can connect to the Fireware CLI over a serial port, if you add a serial port to the FireboxV virtual machine configuration. The serial port can use a physical serial port on the host, or you can connect through a network.

For information about how to add a serial port to a virtual machine, see the documentation for the VMware client you use.

To connect to the FireboxV virtual serial port:

  1. From a computer that can reach the ESXi server over the network, use the telnet client to connect to the configured IP address and port.
    For example, telnet 10.10.10.10 3344
  2. Log in with the FireboxV virtual machine admin or status account and passphrase.

For information about how to use the CLI to manage your FireboxV device, go to the Command Line Interface Reference on the Product Documentation page at https://www.watchguard.com/help/documentation/.

IPv6

To enable IPv6 on an FireboxV virtual machine network interface, you must enable IPv6 on the network adapter on the ESXi host.

For information about how to add a serial port to a virtual machine, see the documentation for the VMware client you use.

For information about IPv6 configuration in Fireware, go to About IPv6 Support in Fireware.