Configure an interface for members of the VPN Broker domain

Interfaces for each Ethernet port on the NGFW appliance are automatically included in the interface table. In each NGFW Manager, you must add an IP address for the interface to which members of the VPN Broker domain can connect.

Before you begin

Start the NGFW Manager, then select VPN Broker Management mode.

Steps

Browse to NGFW > Interfaces.
In the interface table below the appliance image, click an interface, then select Add IP Address and Network.
Enter the IP address and netmask to which members of the VPN Broker domain can connect in CIDR notation, then click Save.

Example

Fields marked with an asterisk in the user interface are mandatory.

Table 1. Interfaces & Routing page
Option	Definition
	Adds an interface to the interfaces table. If you change the number of Ethernet ports on the NGFW appliance, such as by replacing a 4-port interface module with an 8-port interface module, you must add interfaces to represent the new Ethernet ports. Interface — Adds a physical interface. Opens the New Interface pane. Interface with VLANs — Adds a physical interface with a placeholder for adding VLAN interfaces later. Opens the New Interface With VLANs pane. Tunnel Interface — This option is not yet supported.
Appliance image	Shows the ports on the NGFW appliance for which you can configure interfaces. When you select an interface in the interface table, the corresponding port is highlighted in the image.
Interface table	Allows you to configure the IP addresses, networks, and routing for each interface.
Physical Interface	(When interface type is Physical Interface) Shows the interface ID of the physical interfaces. The following actions are available when you click the interface: Add IP Address and Network — Adds an IP address and a Network element to the interface. Opens the New IP Address and Netmask pane. Convert to Interface With VLANs — Removes any IP addresses that have been specified and converts the interface to an interface with VLANs. Properties: Interface — Opens the interface properties. Remove Interface — Removes the interface from the configuration.
Physical Interface	(When interface type is Physical Interface with VLAN interfaces) Shows the interface ID of the physical interfaces and the VLAN interfaces under them. The following actions are available when you click the physical interface: Add VLAN Interface — Adds a VLAN interface. Convert to Interface — Converts the interface with VLANs to an interface. There can be a maximum of one VLAN Interface when you convert the interface. Properties: Interface with VLANs — Opens the interface properties. Remove Interface — Removes the interface from the configuration. The following actions are available when you click the VLAN interface: Add IP Address and Network — Adds an IP address and a Network element to the interface. Opens the New IP Address and Netmask pane. Properties: VLAN Interface — Opens the VLAN interface properties. Remove VLAN Interface — Removes the VLAN interface.
IP Address	Shows the IP address of the physical interface or VLAN interface. The following actions are available when you click the IP address: Properties: Static Address — Allows you to add a static IP address to the interface. Remove IP Address and Network — Removes the IP address from the interface configuration.
Connected Network	Shows the network range of the directly connected network. The following options are available when you click the network: Add Gateway — Allows you to add a route through a gateway device to a network that is not directly connected. Properties: Network — Opens the properties of the Network element.
Gateway	Shows the gateway device through which the NGFW Engine connects to a network that is not directly connected. The following actions are available when you click the gateway: Add Route Target — Allows you to specify the IP addresses that are reachable through the gateway device. Properties: <element type> — Opens the properties of the element that represents the gateway device. Remove Gateway — Removes the gateway device from the interface configuration. The element is not deleted.
Route Target	Shows the IP addresses that are reachable through the gateway device. The following options are available when you click the route target: Properties: <element type> — Opens the properties of the element that represents the IP addresses. Remove Route Target — Removes the route target from the interface configuration. The element is not deleted.

Table 2. Interface properties
Option	Definition
Interface ID	(When interface type is Physical Interface) The Interface ID automatically maps to a physical network port on the appliance.
VLAN ID	(When interface type is VLAN Interface) Specifies the VLAN ID (1–4094). The VLAN IDs must be the same as the VLAN IDs that are used in the switch at the other end of the VLAN trunk. Each VLAN Interface is identified as Interface-ID.VLAN-ID, for example, 2.100 for Interface ID 2 and VLAN ID 100.
Interface Options (Optional)	Advanced options for interface configuration.
MTU	The maximum transmission unit (MTU) size on the connected link. Enter a value between 576–65000.
Zone	The network zone to which the interface belongs. By default, Interface 0 belongs to the external zone. All other interfaces belong to the internal zone.
Log Compression Override	When selected, the log compression settings defined for the interface override the default log compression settings defined for the NGFW Engine. Compress Discard Logs — When selected, enables log compression for discard log entries. Compress Antispoofing Logs — When selected, enables log compression for antispoofing log entries.
Log Rate	The maximum sustained number of log entries per second. The default value is 100 log entries per second.
Log Burst Size	The maximum number of log entries in a single burst. The default value is 1000 log entries.
Antispoofing Elements	This option is not yet supported.
Route Replies Back	This option is not yet supported.

Next steps

Create elements for the VPN Broker configuration in the NGFW Manager.