Add VLAN interfaces to Virtual NGFW Engine interfaces

VLANs divide a single physical network link into several virtual links.

VLAN interfaces can only be added for Virtual NGFW Engines if the creation of VLAN interfaces for Virtual Firewalls is enabled in the Master NGFW Engine Properties. The maximum number of VLANs for a single physical interface is 4094. The VLANs must also be defined in the configuration of the external switch or router to which the interface is connected.

Note: You cannot add VLAN interfaces on top of other VLAN interfaces. Depending on the configuration of the Master NGFW Engine, you might not be able to create valid VLAN interfaces for the Virtual NGFW Engine. Contact the administrator who configured the Master NGFW Engine.

For more details about the product and how to configure features, click Help or press F1.

Steps

Right-click a Virtual Firewall, Virtual IPS engine, or Virtual Layer 2 Firewall and select Edit <element type>.
In the navigation pane on the left, select Interfaces.
Right-click a physical interface and select New > VLAN Interface.
Define the VLAN interface properties.

CAUTION:
The throughput for the Virtual Firewall physical interface must not be higher than the throughput for the Master NGFW Engine interface that hosts the Virtual Firewall. Contact the administrator of the Master NGFW Engine before changing this setting.

CAUTION:
Make sure that you set the interface speed correctly. When the bandwidth is set, the Virtual NGFW Engine always scales the total amount of traffic on this interface to the bandwidth you defined. The bandwidth is scaled even if there are no bandwidth limits or guarantees defined for any traffic.
Click OK.
The specified VLAN ID is added to the physical interface.

Next steps

Continue the configuration in one of the following ways:

(Virtual Firewall only) If you do not want to add tunnel interfaces for a route-based VPN, add IP addresses directly to the physical interfaces.
Otherwise, click Save and Refresh to transfer the configuration changes.