Adding layer 2 physical interfaces for Secure SD-WAN Engines in the Engine/VPN role
Layer 2 physical interfaces on Secure SD-WAN Engines in the Engine/VPN role pick up traffic for inspection.
You can add one or more capture interfaces, inline IPS interfaces, and inline Layer 2 Engine interfaces to Secure SD-WAN Engines in the Engine/VPN role.
Interface Type | Description |
---|---|
Capture interface | Capture interfaces listen to traffic that is not routed through the Secure SD-WAN Engine. Connections picked up through capture interfaces can be reset through reset interfaces. |
Inline IPS interface | The interface is directly on the traffic path so that traffic passes through the interface to reach its destination. The Secure SD-WAN Engine can inspect the traffic coming from one interface and either stop the traffic or send it out through the other interface. The default action for network traffic in Access rules is Allow. When Bypass mode is used, if the interface is unable to process traffic, all traffic is allowed without inspection. |
Inline Layer 2 Engine interface | The interface is directly on the traffic path so that traffic passes through the interface to reach its destination. The Secure SD-WAN Engine can inspect the traffic coming from one interface and either stop the traffic or send it out through the other interface. The default action for network traffic in Access rules is Discard. Bypass mode cannot be used. If the interface is unable to process traffic, all traffic is blocked. |
Configure layer 2 physical interfaces for engines in the following order:
- (Optional) Add Logical Interfaces.
- (Optional) Add Reset Interfaces for Capture Interfaces.
- Add Capture Interfaces, Inline IPS Interfaces, or Inline Layer 2 Engine Interfaces.