Master NGFW Engines can have two types of VLAN interfaces: VLAN interfaces for the Master NGFW Engine’s own traffic, and VLAN interfaces that are used by the Virtual NGFW Engines hosted on the Master NGFW Engine.
The maximum number of VLANs for a single physical interface is 4094. The VLANs must also be defined in the configuration of the external switch or router to which the interface is
connected.
On Master NGFW Engines that host Virtual IPS engines or Virtual Layer 2 Firewalls, the Virtual NGFW Engines can inspect traffic from VLAN interfaces without configuring VLAN tagging.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Right-click a Master NGFW Engine, then select Edit <element type>.
-
In the navigation pane on the left, browse to Interfaces.
-
Right-click a physical interface, then select .
-
To associate the VLAN interface with a Virtual NGFW Engine, select a Virtual Resource from the Virtual
Resource drop-down list.
-
Define the VLAN interface properties.
CAUTION:
The throughput for each VLAN interface must not be higher than the throughput for the physical interface to which the VLAN interface belongs.
CAUTION:
Make sure that you set the interface speed correctly. When the bandwidth is set, the Master NGFW Engine always
scales the total amount of traffic on this interface to the bandwidth you defined. The bandwidth is scaled even if there are no bandwidth limits or guarantees defined for any
traffic.
CAUTION:
The MTU for each VLAN interface must not be higher than the MTU for the physical interface to which the VLAN interface belongs.
-
Click OK.
The specified VLAN ID is added to the physical interface.
-
Click
Save.
Do not close the Engine Editor.
Next steps
Add IP addresses to the physical interfaces or VLAN interfaces for Master NGFW Engine system communications.