Select additional options for Virtual Firewall interfaces
In the Virtual Firewall's interface options, you can select which IP addresses are used in particular roles.
Interface Options can only be configured for Virtual Firewalls. All communication between Virtual Firewalls and the Secure SD-WAN Manager is proxied by the Master Engine. Virtual Firewalls do not have any interfaces for system communication.
 For more details about the product and how to configure features, click Help or
            press F1.
Steps
- Right-click an Engine, then select Edit <element type>.
- Browse to .
- Configure the settings.
Next steps
- Add loopback IP addresses for the Virtual Firewall.
- If you are configuring a new Virtual Engine, click Save, close the Engine Editor, then add routes for the Master Engine. 
- Otherwise, click Save and Refresh to transfer the configuration changes. 
Engine Editor > Interfaces > Interface Options
Use this branch to define which IP addresses are used in particular roles in the Engine's system communications.
| Option | Definition | 
|---|---|
| Control Interface (Not Virtual Firewalls) | 
 Note: We recommend that you do not use the IP address of an Aggregated Link interface as the primary or secondary control IP address of the  Engine. | 
| Node-Initiated Contact to Management Server | When selected, the Engine opens a connection to the Management Server and maintains connectivity. This option is always used with a dynamic control IP address, so it is
							always selected if the control IP address is dynamic. If the connection is not open when you command the Engine through the Management Client, the command is left pending
							until the Engine opens the connection again. Note: This option is not supported for IPS Clusters, Layer 2 Firewall Clusters, or Virtual Engines. | 
| Heartbeat Interface (Clusters and Master Engines only) | 
 On Master Engines, you cannot use shared interfaces as a heartbeat interface. | 
| IPv4 Identity for Authentication Requests or IPv6 Identity for Authentication Requests | The IPv4 address or IPv6 address of the selected interface is used when an Engine contacts an external authentication server. This option does not affect the routing of the connection with the authentication server. The IP address is used only as a parameter inside the authentication request payload to give a name to the request sender. | 
| IPv4 Source for Authentication Requests or IPv6 Source for Authentication Requests | By default, specifies the source IPv4 address or IPv6 address for authentication requests according to routing. If the authentication requests are sent to an external authentication server over VPN, select an interface with a Node Dedicated IP address that you want to use for the authentication requests. | 
| Default IP Address for Outgoing Traffic | Specifies the IP address that the Engine uses to initiate connections (such as for system communications and ping) through an interface that has no Node Dedicated IP Address. In clusters, you must select an interface that has an IP address defined for all nodes. |