Configure the Interfaces
An appliance has three interfaces - dp1, dp2 (the default appliance interface), and mp. The dp1 and dp2 interfaces receive and forward traffic whereas the mp interface provides management access. When the three interfaces are configured, they connect to the three network interfaces - eth0, eth1, and eth2. Interface dp2 connects to the default network interface eth0, dp1 connects to eth1, and mp connects to eth2.
An OPLP or DPoP appliance will only require a single interface to connect to the Netskope cloud whereas, a Secure Forwarder appliance can require up to three interfaces based on your network.
Appliance interfaces can be configured in the following modes:
DHCP: When enabled, the interface is configured to use DHCP.
Note
DHCP is enabled by default on the dp2 interface.
Static IPs: This mode enables you to configure a static IP on the interface.
IPv6: IPv6 network connectivity for OPLP is supported on a Virtual Appliance.
When configuring an interface, choose a subnet that can reach the tenant instance in the Netskope cloud.
Configure the Interface using DHCP
The default interface, dp2 is configured to use DHCP and does not require configuration. DHCP is only enabled on the dp2 interface.
If you want to configure the dp2 interface with a static IP, you must disable DHCP, enable static IP, and then set the static IP, gateway, and netmask. For information on configuring static IPs, see Configure the Interface with a Static IP.
To enable DHCP on the other interfaces, run:
set interface dp2 v4 dhcp enable false set interface dp1 v4 dhcp enable true save
or,
set interface dp2 v4 dhcp enable false set interface mp v4 dhcp enable true save
Note
Netskope recommends using DHCP only on the dp2 interface. If you want to configure more than one interface on the appliance, then the dp1 and mp interfaces must be configured to use static IPs.
For information on configuring additional interfaces with a static IP, see Configure Additional Interfaces with a Static IP.
Configure the Interface with a Static IP
If you don't want to use the default DHCP configuration on the dp2 interface, you can configure the interface with a static IP address. If DHCP is enabled on the interface, you can find the IP, gateway, and netmask assigned to the interface using the run show route interface
command.
With DHCP enabled on dp2, run the following command to get the IP, gateway, and netmask. In CLI's operation mode, run:
run show route interface dp2
Make a note of the IP, gateway, and netmask. For example, dp2 (eth0): ip - 172.31.1.41, gw - 172.31.0.1, netmask - 255.255.240.0
Note
Before you configure the static IP, ensure that DHCP is disabled on the interface.
To configure static IPs on the interface, you will require the IP, gateway, and netmask. In configuration mode, run the following commands,
set interface dp2 dhcp enable false set interface dp2 v4 static enable true set interface dp2 v4 static ip 172.31.1.41 set interface dp2 v4 static gw 172.31.0.1 set interface dp2 v4 static netmask 255.255.240.0 set dns primary 1.1.1.1 set dns secondary 8.8.8.8 save
You can use the show
command in configuration mode to verify your configuration.
Configure the Interface with IPv6
In addition to connectivity to IPv4 networks, an OPLP VA image can be deployed with dp1 in the IPv6 network and dp2 in an IPv4 network. The client log files are uploaded using Syslog to the Appliance on the dp1 interface. The dp2 interface to the Netskope cloud functions via an IPv4 network.
Reference the updated CLI example below to configure IPv6 on dp1. Here are some use case caveats.
IPv6 is only supported for OPLP log upload functionality.
IPv6 DHCP is not supported.
IPv6 log parser is not supported.
DPOP is not supported.
CDPP is not supported.
IPv6 is not supported on the Physical appliance.
nsappliance(config)# set interface dp1 v6 static enable enable static configuration gw gateway of the interface ip IP address of the interface prefix netmask of the interface nsappliance(config)# show interface { "dp2": { "v4": { "dhcp": { "enable": "false" }, "static": { "enable": "true", "ip": "198.18.0.71", "gw": "198.18.0.1", "netmask": "255.255.255.0" } } }, "dp1": { "v6": { "static": { "ip": "fd12:1:1:1::3ca", "netmask": "64", "enable": "true" } } } }