Best Practices

It is recommended to follow these practices while deploying Network Security Platform in the public cloud environment.

  • Deploying Virtual IPS Sensors in the same region as the virtual machines to be protected minimizes latency.
  • It is recommended not to share a vNSP Controller across different regions.
  • The Network Security Manager should be deployed with a static public IP address.
  • The vNSP Controller should be assigned a static IP address. Ensure that the security group allows intended communication only to the assigned static IP address.
  • The Restrict SSH Access to the CLI checkbox must be selected to configure IP addresses or CIDR blocks to restrict SSH access from external invalid IPs.

    To enable this option, navigate to Devices<Admin Domain Name>GlobalIPS Device SettingsAdvanced Device Settings, and under CLI select Restrict SSH Access to the CLI.