Select which interfaces are used for particular roles in system communications.
For example, you can select which IP addresses are used in communications between the Layer 2 Firewall and the Management Server.
The interfaces you have defined are shown as a tree-table on the Interfaces tab. Global interface options have codes in the tree-table.
Table 1. Interface option codes
Code |
Description |
C |
The interfaces that have the primary and backup control IP addresses. |
(Layer 2 Firewall Cluster only) H
|
The primary and backup heartbeat Interfaces. |
O |
The default IP address for outgoing connections. |
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
In the navigation pane on the left, browse to .
-
Select the interface options.
-
From the Primary control IP address drop-down list, select the primary control IP address that the Layer 2 Firewall uses for communications with
the Management Server.
-
(Optional, recommended) In the Backup control IP address drop-down list, select a backup control IP address that the Layer 2 Firewall uses for
communications with the Management Server if the primary control IP address fails.
-
(Layer 2 Firewall Cluster only) From the Primary heartbeat drop-down list, select the primary interface for communications between the nodes.
We recommend using a physical interface, not a VLAN interface. We strongly recommend that you do not direct any other traffic through this interface. A dedicated network
(without other traffic) is recommended for security and reliability of heartbeat communication.
CAUTION:
Primary and backup heartbeat networks exchange
confidential information. If dedicated networks are not possible, configure the cluster to encrypt the exchanged information.
-
(Layer 2 Firewall Cluster only) From the
Backup heartbeat drop-down list, select the backup heartbeat interface that is used if the primary heartbeat interface is unavailable.
It is not mandatory to configure a backup heartbeat interface, but we strongly recommend it. If heartbeat traffic is not delivered, the cluster cannot operate and traffic is disturbed. We strongly recommend that you use a dedicated interface for the backup heartbeat as well.
-
(Single Layer 2 Firewall only) If the Single Layer 2 Firewall's primary control IP address and backup control IP address are dynamic or if the Single Layer 2 Firewall is
in an environment where only the Layer 2 Firewall can initiate connections to the Management Server, select Node-initiated contact to Management
Server.
When this option is selected, the engine opens a connection to the Management Server and maintains connectivity.
-
From the
Default IP Address for Outgoing Traffic drop-down list, select the IP address that nodes use if they have to initiate connections through an interface that has no Node Dedicated IP address.
-
Click Save.
Next steps
Add traffic inspection interfaces for the Layer 2 Firewall.