Add inline Layer 2 Engine interfaces to Single Engines

There are two physical interfaces in an inline Layer 2 Engine interface. The traffic is forwarded from one interface to the other.

The traffic that the Single Engine allows goes through the inline Layer 2 Engine interface as if it was going through a network cable. The Single Engine drops the traffic you want to stop. If the Single Engine is unable to process traffic, all traffic that goes through the inline Layer 2 Engine interface is blocked.

Inline interfaces are associated with a Logical interface element. The Logical interface is used in the Layer 2 Interface Engine Policies and the traffic inspection process to represent one or more inline Layer 2 Engine interfaces.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the Single Engine and select Edit <element type>.
    The Engine Editor opens.
  2. In the navigation pane on the left, browse to Interfaces.
  3. Right-click the empty space and select New Layer 2 Physical Interface.
  4. From the Interface ID drop-down list, select an ID number.
  5. From the Type drop-down list, select Inline Layer 2 Engine Interface.
  6. (Optional) From the Second Interface ID drop-down list, change the automatically selected interface ID.
  7. If your configuration requires you to change the logical interface from Default_Eth, select the logical interface in one of the following ways:
    • Select an existing Logical Interface element from the list.
    • Click Select and browse to another Logical Interface element.
    • Click New to create a Logical Interface element, then click OK.
  8. If you want the Single Engine to inspect traffic from VLANs that are not included in the Single Engine's interface configuration, leave Inspect Unspecified VLANs selected.
  9. If you want the Single Engine to inspect double-tagged VLAN traffic, leave Inspect QinQ selected.
  10. Click OK.
  11. Click Save.
    Do not close the Engine Editor.

Next steps

Continue the configuration in one of the following ways:
  • Add VLAN interfaces to the inline Layer 2 Engine interface.
  • Select system communication roles for interfaces.
  • Bind engine licenses to Single Engine elements.