Add Port Group Interfaces to Single Firewalls

Port groups simplify port and network segment configuration. Traffic inside a port group is not inspected. The traffic between port groups is inspected by the firewall in the same way as other traffic.

Before you begin

You must add the integrated switch before you can add port group interfaces.

Depending on the Forcepoint NGFW appliance model, you can define one or more port group interfaces and add different types of interfaces to the port group:

On Forcepoint NGFW appliances that have hardware integrated switches, you can define one or more port group interfaces on the integrated switch.
You can add physical interfaces to the port group interface.
On Forcepoint NGFW appliances that have software integrated switches, you can define one port group interface on each integrated switch.
You can add physical and SSID interfaces to the port group interface. You must first add the physical and SSID interfaces in the engine editor without any IP address configuration, before adding these interfaces to the port group.

For more information about the type of integrated switch that your appliance has, see the model-specific Forcepoint Next Generation Firewall Hardware Guide for your Forcepoint NGFW appliance.

For more details about the product and how to configure features, click Help or press F1.

Steps

In the navigation pane on the left, select Interfaces.
Right-click the switch and select New Port Group Interface.
Define the port group interface properties.
Click OK.
The port group interface is added to the interface list. The defined switches and port group interfaces are displayed, for example, as “0.1” for switch ID 0 with port group 1.
Click Save.
Do not close the Engine Editor.

Next steps

Continue the configuration in one of the following ways:

Add IP addresses to the port group interfaces.
Add other types of interfaces.
Select system communication roles for interfaces.
Bind engine licenses to the Single Firewall elements.