Sharing interfaces on Master Engines

As an alternative to using an external, physical switch, you can add a single layer 3 physical interface on a Master Engine that can be shared by up to 250 Virtual Engines. In addition, VLAN interfaces under the physical interface can be shared.

An example of where this could be beneficial is that a managed security services provider (MSSP) can have a single layer 3 physical interface that is shared by multiple Virtual Engines, where each Virtual Engine is dedicated to a different customer.

In addition to sharing a regular physical interface, the Virtual Engines can share aggregated link interfaces.

The Virtual Engines are identified by a unique unicast MAC address. The shared physical interface has a MAC address prefix (the first five octets of a MAC address) which groups the Virtual Engines together. The final octet of the MAC address, automatically taken from the Virtual Engine ID, identifies the individual Virtual Engine.

Underneath shared interfaces, you can also add shared VLAN interfaces that can be shared by multiple Virtual Engines.

The Virtual Engines that share an interface can communicate with each other if needed, but you must manually configure the routing and Access rules.

Limitations

Shared interfaces cannot be created when using the Convert Secure SD-WAN Engine to Master Engine and Virtual Engines wizard. You must manually add the interfaces later.