: Edit the VM-Series Firewall Configuration File
Focus
Focus

Edit the VM-Series Firewall Configuration File

Table of Contents

Edit the VM-Series Firewall Configuration File

Edit the VM-Series firewall XML configuration file to support OVS and DPDK. You can access the XML configuration file or after deploying the VM-Series firewall. If you do this after deploying the firewall, be sure to shut down the firewall before making any changes. The values below are examples, your values for each parameter will vary based on your VM-Series model.
  1. Log in to the KVM host CLI.
  2. Edit the XML configuration file of your VM-Series firewall.
    1. Open the XML config file using virsh edit $<your-vm-series-name>.
    2. Sets the memory backing for the hugepage. Ensure that you provide enough memory to support the VM-Series firewall model you are deploying on the host. See VM-Series System Requirements for more information.
      <memory unit='KiB'>12582912</memory> 
        <currentMemory unit='KiB'>6291456</currentMemory> 
        <memoryBacking> 
          <hugepages/> 
    3. Set the necessary CPU flags for VM.
      <cpu mode='host-model'> 
    4. Enable memory sharing between the VM and the host.
      <numa> 
            <cell id='0' cpus='0,2,4,6' memory='6291456' unit='KiB' memAccess='shared'/> 
            <cell id='1' cpus='1,3,5,7' memory='6291456' unit='KiB' memAccess='shared'/> 
          </numa> 
    5. Set the DPDK vhost user ports as the VM -series firewall’s network interfaces. Additionally, set the number of virtio virtual queues provided to the VM-Series firewall by the host.
      <interface type='vhostuser'> 
            <mac address='52:54:00:36:83:70'/> 
            <source type='unix' path='/usr/local/var/run/openvswitch/vhost-user1' mode='client'/> 
      <model type='virtio'/> 
      <driver name=’vhost’ queues=’8’/> 
            <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> 
          </interface> 
          <interface type='vhostuser'> 
            <mac address='52:54:00:30:d7:94'/> 
            <source type='unix' path='/usr/local/var/run/openvswitch/vhost-user2' mode='client'/> 
      <model type='virtio'/> 
      <driver name=’vhost’ qeueus=’8’> 
            <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> 
          </interface>