Management Services
Configuration > Networking > Routing > Management Services
Use this tab to configure management services. You can configure them regardless of whether routing segmentation is enabled or disabled.
-
When enabled, management services are functional in the associated segment based on the selected interface.
-
When disabled, all the interfaces are available for configuration.
NOTE: Management services still function if routing segmentation is not enabled in Orchestrator. In this case, you will be able to use the default configuration only; that is, any interface with the Default segment.
Starting with version 9.0, Orchestrator provides two tabs from which you can configure management services:
-
Management Routes – Use this tab to configure static routes for management services traffic from an EdgeConnect appliance (egress traffic).
-
Management Services – Use this tab to specify the source IP address of the interface used for each management service.
While it is recommended that you now use the Management Services tab to configure services, you can continue to use the Management Routes tab if you are not required to specify source IP addresses for management services.
The Management Services tab displays the following fields:
Field | Description |
---|---|
Appliance | Name of the appliance selected. |
Management Service | Management service used by your appliance. |
Interface for Source IP Address | IP address of the interface used by the management service. By default, management services are configured to use any source IP address. You can modify the interface for the Source IP address by updating this field for the corresponding management service. |
Source Segment | Name of the associated segment applied to the management service when your source IP address is selected. |
Click the edit icon associated with the management service you want to configure.
Management Services Dialog Box
To configure a management service listed in this dialog box:
-
Click twice in the Interface for Source IP Address field associated with that service.
A drop-down list of all the interfaces configured for your appliance appears.
-
Select an interface.
The Source Segment field updates automatically with the associated segment.
-
Click Save.
If the Interface for Source IP Address field is set to any, there is no control over which source IP address will be used for management services egress packets. Depending on the route lookup, the corresponding source IP configured in the Management Routes table is used as the source IP of the packet. If the Source IP is not configured (0.0.0.0) in the Management Routes table for the selected route, the egress interface’s IP address is used as the source IP address.
Descriptions of management service behaviors follow:
Service | Behavior |
---|---|
HTTP(S) Cloud Portal Orchestrator |
These services use the selected interface’s Interface for Source IP Address as the source address to establish reachability and WebSocket connections to the Cloud Portal and Orchestrator. HTTP/HTTPS uses the Interface for Source IP Address for connection as well. CAUTION: If routing segmentation is enabled, make sure to provide Internet connectivity from the segment to the Interface for Source IP Address associated with the segment. |
DHCP Relay NTP Other VRF mgmt Apps NetFlow RADIUS/TACACS+ SNMP SSH Syslog |
Each of these management services use Interface for Source IP Address as the source IP address. The source interface configured from the management route table is ignored if the Interface for Source IP Address is not “any”. NOTE: Currently, EST is the only service included in “Other VRF mgmt Apps”. |