Select which IP addresses are used for particular roles in system communications.
For example, you can select which IP addresses are used in communications between the Firewall Cluster and the Management Server.
The interfaces you have defined are shown as a tree-table on the Interfaces tab. Global interface options have codes in the tree-table.
Table 1. Interface option codes
Code
|
Description
|
A
|
The interface that has the IP address used as the identity for authentication requests.
|
C
|
The interfaces that have the primary and backup control IP addresses.
|
H
|
The primary and backup heartbeat Interfaces.
|
O
|
The default IP address for outgoing connections.
|
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
In the navigation pane on the left, select
.
-
Select the interface options.
-
From the Primary control IP address drop-down list, select the primary control IP address that the Firewall Cluster uses for communications with the
Management Server.
-
(Optional, recommended) In the Backup control IP address drop-down list, select a backup control IP address that the Firewall Cluster uses for
communications with the Management Server if the primary control IP address fails.
-
If the Firewall Cluster's primary control IP address and backup control IP address are dynamic or
if the Firewall Cluster is in an environment where only the Firewall Cluster can initiate connections to the Management Server, select Node-initiated contact to
Management Server.
When this option is selected, the Firewall Cluster opens a connection to the Management Server and maintains connectivity.
-
From the Primary heartbeat drop-down list, select the primary interface for communications between the nodes.
We recommend using a physical interface, not a VLAN interface. We strongly recommend that you do not direct any other traffic through this interface. A dedicated network
(without other traffic) is recommended for security and reliability of heartbeat communication.
CAUTION:
Primary and backup heartbeat networks exchange
confidential information. If dedicated networks are not possible, configure the cluster to encrypt the exchanged information.
-
From the
Backup heartbeat drop-down list, select the backup heartbeat interface that is used if the primary heartbeat interface is unavailable.
It is not mandatory to configure a backup heartbeat interface, but we strongly recommend it. If heartbeat traffic is not delivered, the cluster cannot operate and traffic is disturbed. We strongly recommend that you use a dedicated interface for the backup heartbeat as well.
-
From the
Identity for Authentication Requests drop-down list, select the IP address that identifies the firewall to external authentication servers.
Note: This selection has no effect on routing.
-
(Optional) From the
Source for Authentication Requests drop-down list, select the IP address that identifies the firewall when it sends an authentication request to an external authentication server over a VPN.
Note: This selection has no effect on routing.
-
From the
Default IP Address for Outgoing Traffic field, select the IP address that the nodes use if they have to initiate connections through an interface that has no Node Dedicated IP address.
-
Click Save.
Next steps
Continue the configuration in one of the following ways:
- If an interface used for external connections has only a Cluster Virtual IP address, add manual ARP entries for the nodes.
- Bind the engine licenses to the nodes in the Firewall Cluster.