Select which Master NGFW Engine interfaces are used for particular roles in system communications.
For more details about the product and how to configure features, click Help or
press F1.
Steps
-
Right-click an NGFW Engine, then select Edit <element type>.
-
Browse to .
-
In the Interface Options pane:
-
From the Primary control IP address drop-down list, select the primary control IP address that the Master NGFW Engine uses for communications with the Management Server.
Note: We recommend that you do not use the IP address of an Aggregated Link interface as the primary or secondary control IP address of the NGFW Engine.
-
(Optional, recommended) From the Backup control IP address drop-down list, select a backup control IP address that the Master NGFW Engine uses for communications with the Management Server if the primary control IP address fails.
-
(Optional, Firewall/VPN role only) If the Master NGFW Engine is behind a device that applies dynamic NAT to outbound
connections or in some other way blocks incoming connections, select Node-Initiated contact to Management Server.
When this option is selected, the engine opens a connection to the Management Server and maintains connectivity.
-
(Master NGFW Engine Cluster Only) From the Primary heartbeat drop-down list, select the primary
interface for communications between the nodes.
We recommend using a physical interface, not a VLAN interface. We strongly recommend that you do not direct any other traffic through this interface. A dedicated network
helps guarantee reliable and secure operation.
CAUTION:
Primary and backup heartbeat networks exchange confidential information. If dedicated networks are not
possible, configure the cluster to encrypt the exchanged information.
-
(Master NGFW Engine Cluster Only) From the Backup heartbeat drop-down list, select the backup
heartbeat interface that is used if the primary heartbeat interface is unavailable.
It is not mandatory to configure a backup heartbeat interface, but we strongly recommend it. If heartbeat traffic is not delivered, the cluster cannot operate and
traffic is disturbed. We strongly recommend that you use a dedicated interface for the backup heartbeat as well.
-
In the Default IP Address for Outgoing Traffic field, select the IP address that the nodes use if they have to initiate connections through an
interface that has no Node Dedicated IP address.
-
Click Save and Refresh.
Next steps
Bind licenses to Master NGFW Engine elements.