A case scenario:
The virtual network interface for applications running on ISG is mapped 1-to-1 with the physical network interface of the SSP appliance; for example, if the interface for the application is defined as 0:0, then that interface is mapped to the 0:0 physical interface.
The SSP appliance is shipped with an on-board network interface (0:0) and one or more additional Network Interface Cards (NIC). All applications that are created and started on the ISG by the applications commands share these physical interfaces. The following Tech. Doc., with the URL below, depicts an ISG shipped with a 4-port NIC that has one ProxySG and one Content Analysis application running.
https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/integrated-secure-gateway/2-4/About-ISG/Networking_on_ISG.htmlSee more details in the Tech. Doc., with the same URL below.
Network definitions control which interfaces and LAGs are mapped to which applications. You can assign a definition when creating applications or edit the definition after creating the application.
You can use custom network definitions to assign specific interfaces and LAGs to specific applications. If the interfaces you are adding or removing to or from a network definition are in shared mode, you can add and remove them to and from multiple network definitions without impacting any network definitions.
If a network definition is not properly configured, an application might not start, such as in the following example.
(config-applications)# start example-sg-1
Error: Can not start application with empty network definition
So, by using interface definitions, the customer can map the ISG application to a specific network interface. Network Definition has no negative impact on the ISG.