Add layer 3 physical interfaces to Single Firewalls

To route traffic through the firewall, you must define at least two layer 3 physical interfaces.

Note: Only the interface that is used for communications between the Management Server and the Firewall is required when you install the Single Firewall. Although you can configure more interfaces at any time, it is recommended to add more interfaces right away.
There are three types of layer 3 physical interfaces:
  • An interface that corresponds to a single network interface on the firewall engine. In the Management Client, the interface type is None.
  • An aggregated link in high availability mode represents two interfaces on the firewall engine. Only the first interface in the aggregated link is actively used. The second interface becomes active only if the first interface fails.

    Connect the first interface in the link to one external switch and the second interface to another external switch.

  • An aggregated link in load balancing mode represents two or more interfaces (up to eight interfaces) on the firewall engine. All interfaces in the aggregated link are actively used and connections are automatically balanced between the interfaces.

    Link aggregation in load-balancing mode is implemented based on the IEEE 802.3ad Link Aggregation standard. Connect all interfaces to a single external switch. Make sure that the switch supports the Link Aggregation Control Protocol (LACP) and that LACP is configured on the switch.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. In the navigation pane on the left, browse to Interfaces.
  2. Select Add > Layer 3 Physical Interface.
  3. From the Interface ID drop-down list, select an ID number.
    This ID maps to a network interface during the initial configuration of the engine.
  4. From the Type drop-down list, select the interface type.
  5. If the type is aggregated link, select one or more other interfaces that belong to the aggregated link.
    • For an aggregated link in high availability mode, select an interface ID from the Second Interface ID drop-down list.
    • For an aggregated link in load balancing mode, click Add to add one or more interface IDs to the Additional Interface(s) list.
  6. Click OK.
  7. Click Save.
    Do not close the Engine Editor.

Result

The layer 3 physical interface is added to the interface list.

Next steps

Add VLAN interfaces or IP addresses to the layer 3 physical interface.