Add inline Layer 2 Firewall interfaces to Firewall Clusters

There are two physical interfaces in an inline Layer 2 Firewall interface. The traffic is forwarded from one interface to the other.

Traffic that the Firewall Cluster allows passes through the inline Layer 2 Firewall interface as if it were going through a network cable. The Firewall Cluster drops the traffic you want to stop. If the Firewall Cluster is unable to process traffic, all traffic that goes through the inline Layer 2 Firewall interface is blocked.

Inline interfaces are associated with a Logical interface element. The Logical interface is used in the Layer 2 Interface Firewall Policies and the traffic inspection process to represent one or more inline Layer 2 Firewall interfaces.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click the Firewall Cluster and select Edit <element type>.
    The Engine Editor opens.
  2. In the navigation pane on the left, browse to Interfaces.
  3. Right-click the empty space and select New Layer 2 Physical Interface.
  4. From the Interface ID drop-down list, select an ID number.
  5. From the Type drop-down list, select Inline Layer 2 Firewall Interface.
  6. (Optional) From the Second Interface ID drop-down list, change the automatically selected interface ID.
  7. If your configuration requires you to change the logical interface from Default_Eth, select the logical interface in one of the following ways:
    • Select an existing Logical Interface element from the list.
    • Click Select and browse to another Logical Interface element.
    • Click New to create a Logical Interface element, then click OK.
  8. If you want the Firewall Cluster to inspect traffic from VLANs that are not included in the Firewall Cluster's interface configuration, leave Inspect Unspecified VLANs selected.
  9. If you want the Firewall Cluster to inspect double-tagged VLAN traffic, leave Inspect QinQ selected.
  10. Click OK.
  11. Click Save.
    Do not close the Engine Editor.

Next steps

Continue the configuration in one of the following ways:
  • Add VLAN interfaces to the inline Layer 2 Firewall interface.
  • Select system communication roles for interfaces.
  • Bind engine licenses to Firewall Cluster elements.