Support Center > Search Results > SecureKnowledge Details
Changing the VSX Cluster Internal Communication Network Technical Level
Symptoms
  • The address of Internal Communication Network is assigned during the initial creation of the VSX Cluster with a default IP address range consisting of four class-C (192.168.196.0/255.255.252.0).
  • The above default IP address range can be viewed on the VSX Cluster Properties > Cluster Members page of the VSX Cluster object but is grayed out and can not be modified.
Solution

In VSX, Internal communication network is a logical network used for communications between VSX components. From VSX NGX R67 it is possible to change this network even after Virtual Systems have been created, using the vsx_util change_private_net command.

Note: - Although this IP address range is used within the Cluster, make sure it is not used anywhere else in external network connected to this VSX Cluster.

The Following Prerequisites must be satisfied before using the command:

  1. All the SmartDashboard sessions for the Security Management Server or Admin DMS or DMS must be closed before starting the procedure.
  2. The Security Management Server or the Admin DMS (DMS that has the VSX cluster Object defined) and any DMS that has Virtual Systems defined for that particular VSX cluster must be up and running. For example all the processes fwm, cpd, fwd and cpca for the affected DMS's must be up, otherwise the operation will succeed on the DMS's that have all the processes up and will fail on the DMS's that are having issues. This will cause problems because the new internal communication network will be different between the affected DMS's. 
  3. The command is executed from the command line of the Security Management Server or from the command line of the Admin DMS's environment. 
  4. In case Manual NAT is used on the Virtual Systems, update the configuration in the $FWDIR/conf/local.arp file on VSX Gateway / VSX Cluster Members as described in sk30197 - Configuring Proxy ARP for Manual NAT. Otherwise, Manual NAT would fail.
  5. From R77 and above, the subnet mask can be changed as per sk99121.
Imported from Nokia support database

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment