Select system communication roles for IPS interfaces
You can optionally change which interfaces are used for which types of system communications.
- Which IP addresses are used as the primary and backup Control IP address
- Which interfaces are used as the primary and backup Heartbeat Interface (IPS Clusters only)
- The default IP address for outgoing traffic
- The primary Control IP address
- The primary Heartbeat Interface (IPS Clusters only)
- The default IP address for outgoing traffic
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Editor > Interfaces > Interface Options
Use this branch to define which IP addresses are used in particular roles in the Secure SD-WAN Engine's system communications.
Option | Definition |
---|---|
Control Interface
(Not Virtual Engines) |
Note: We recommend that you do not use the IP address of an Aggregated Link interface as the primary or secondary control IP address of the Engine.
|
Node-Initiated Contact to Management Server | When selected, the Secure SD-WAN Engine opens a connection to the Management Server and maintains connectivity. This option is always
used with a dynamic control IP address, so it is always selected if the control IP address is dynamic. If the connection is not open when you command the Secure SD-WAN Engine through the Management Client, the command is left pending until the Secure SD-WAN
Engine opens the connection again. Note: This option is not supported for IPS Clusters, Layer 2 Engine Clusters, or Virtual Secure SD-WAN Engines.
|
Heartbeat Interface
(Clusters and Master Engines only) |
On Master Engines, you cannot use shared interfaces as a heartbeat interface. |
IPv4 Identity for Authentication Requests or IPv6 Identity for Authentication Requests |
The IPv4 address or IPv6 address of the selected interface is used when an Secure SD-WAN Engine contacts an external authentication server. This option does not affect the routing of the connection with the authentication server. The IP address is used only as a parameter inside the authentication request payload to give a name to the request sender. |
IPv4 Source for Authentication Requests or IPv6 Source for Authentication Requests | By default, specifies the source IPv4 address or IPv6 address for authentication requests according to routing. If the authentication requests are sent to an external authentication server over VPN, select an interface with a Node Dedicated IP address that you want to use for the authentication requests. |
Default IP Address for Outgoing Traffic | Specifies the IP address that the Secure SD-WAN Engine uses to initiate connections (such as for system communications and ping) through an interface that has no Node Dedicated IP Address. In clusters, you must select an interface that has an IP address defined for all nodes. |