Mapping ISG Application Interfaces - What's Recommended


Article ID: 252550


Updated On:

Products

ISG Proxy, ISG Content Analysis

Issue/Introduction

A case scenario:

  • Our current Proxy Appliances have a dedicated management port. How does this transpose to the Virtual Machine (Application)?
    • The SSG-S40 has a management port which we have configured. Can we manage the Virtual machines (applications) via this management port?
  • If so, how does this affect the ISG, which has its management interface configured in this?

Environment

Release : 

Resolution

The virtual network interface for applications running on ISG is mapped 1-to-1 with the physical network interface of the SSP appliance; for example, if the interface for the application is defined as 0:0, then that interface is mapped to the 0:0 physical interface.

Ref. doc. (page 10): https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/web-and-network-security/integrated-secure-gateway/generated-pdfs/2_1-ISG-Help.pdf

The SSP appliance is shipped with an on-board network interface (0:0) and one or more additional Network Interface Cards (NIC). All applications that are created and started on the ISG by the applications commands share these physical interfaces. The following Tech. Doc., with the URL below, depicts an ISG shipped with a 4-port NIC that has one ProxySG and one Content Analysis application running.

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/integrated-secure-gateway/2-4/About-ISG/Networking_on_ISG.html

See more details in the Tech. Doc., with the same URL below.

Note

Network definitions control which interfaces and LAGs are mapped to which applications. You can assign a definition when creating applications or edit the definition after creating the application.

You can use custom network definitions to assign specific interfaces and LAGs to specific applications. If the interfaces you are adding to or removing from a network definition are in shared mode, you can add them to and remove them from multiple network definitions without impacting any network definitions.

If a network definition is not properly configured, an application might not start, such as in the following example.

(config-applications)# start example-sg-1
Error: Can not start application with empty network definition

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/integrated-secure-gateway/2-4/About-ISG/Networking_on_ISG.html

So, by using interface definitions, the customer can map the ISG application to a specific network interface. A network definition has no negative impact on the ISG.