Configuring interfaces for Master NGFW Engines

Master NGFW Engines can have two types of interfaces: interfaces for the Master NGFW Engine's own traffic, and interfaces that are used by the Virtual NGFW Engines hosted on the Master NGFW Engine.

You can add Physical Interfaces and VLAN Interfaces to a Master NGFW Engine. If you want to use a Physical Interface or VLAN Interface to host a Virtual NGFW Engine, you must select a Virtual Resource for the interface. To allocate multiple interfaces to the same Virtual NGFW Engine, select the same Virtual Resource on more than one Master NGFW Engine interface.

If you want to use a Physical Interface or VLAN Interface for the Master NGFW Engine’s own traffic, you must not select a Virtual Resource for the interface. You can configure several IPv4 addresses on each Physical Interface or VLAN Interface that does not have a Virtual Resource associated with it. The interfaces for the Master NGFW Engine’s own traffic are only used for system communications.

By default, the Physical Interface definitions for the Master NGFW Engine are mapped to the actual network interfaces on the Master NGFW Engine hardware in numerical order. If necessary, you can change the mapping using command-line tools on the Master NGFW Engine. The mapping can differ from one Master NGFW Engine node to another. Make sure that the interface that represents the same network interface on each Master NGFW Engine node is correctly cabled to the same network.
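The Virtual Resource rules and the per-node cabling requirement described above can be checked against an interface inventory before a policy is installed. The following Python sketch is an added example, not part of the product or its documentation; the inventory layout, field names, Virtual Resource names, and network labels are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions, not an SMC export format.
INTERFACES = [
    {"id": 0, "vlan": None, "virtual_resource": None, "ipv4": ["192.0.2.10", "192.0.2.11"]},
    {"id": 1, "vlan": None, "virtual_resource": "VR-A", "ipv4": []},
    {"id": 2, "vlan": 10, "virtual_resource": "VR-A", "ipv4": []},
    {"id": 2, "vlan": 20, "virtual_resource": "VR-B", "ipv4": ["198.51.100.5"]},
]
# Per node: Physical Interface ID -> network that the mapped NIC is cabled to.
NODE_CABLING = {
    "node1": {0: "mgmt", 1: "dmz", 2: "trunk"},
    "node2": {0: "mgmt", 1: "trunk", 2: "dmz"},
}

def label(iface):
    """Return '2.10' for VLAN 10 on Physical Interface 2, or '1' for a plain one."""
    return f"{iface['id']}.{iface['vlan']}" if iface["vlan"] is not None else str(iface["id"])

def classify(interfaces):
    """Split interfaces into Master-own-traffic and per-Virtual-Resource groups."""
    own, hosted = [], defaultdict(list)
    for iface in interfaces:
        if iface["virtual_resource"] is None:
            own.append(label(iface))
        else:
            hosted[iface["virtual_resource"]].append(label(iface))
    return own, dict(hosted)

def find_issues(interfaces, node_cabling):
    """Return human-readable findings for the two rules described above."""
    issues = []
    for iface in interfaces:
        # Master-level IPv4 addresses belong only on interfaces without a Virtual Resource.
        if iface["virtual_resource"] and iface["ipv4"]:
            issues.append(f"interface {label(iface)}: IPv4 set but Virtual Resource "
                          f"{iface['virtual_resource']} selected")
    networks = defaultdict(dict)
    for node, mapping in node_cabling.items():
        for if_id, net in mapping.items():
            networks[if_id][node] = net
    for if_id, per_node in sorted(networks.items()):
        # The same interface ID must reach the same network on every node.
        if len(set(per_node.values())) > 1:
            issues.append(f"interface {if_id}: nodes disagree on network {per_node}")
    return issues

if __name__ == "__main__":
    print(classify(INTERFACES))
    print(*find_issues(INTERFACES, NODE_CABLING), sep="\n")
```

With the constructed data, the check reports the addressed interface 2.20 and the swapped cabling of interfaces 1 and 2 on node2.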

Interfaces for Master NGFW Engines and Virtual Firewalls

Figure: Master NGFW Engine and Virtual Firewall architecture



In this example, the Master NGFW Engine has the following kinds of interfaces:

  1. Physical Interface for hosted Virtual Firewall traffic.
  2. VLAN Interfaces for hosted Virtual Firewall traffic.
  3. Physical Interface for the Master NGFW Engine’s own traffic.

Interfaces for Master NGFW Engines and Virtual IPS engines

Figure: Master NGFW Engine and Virtual IPS engine architecture



In this example, the Master NGFW Engine has the following kinds of interfaces:

  1. Capture Interface for hosted Virtual IPS engine traffic.
  2. VLAN Interface for hosted Virtual IPS engine traffic.
  3. Inline Interface pair for hosted Virtual IPS engine traffic.
  4. Inline VLAN Interface pair for hosted Virtual IPS engine traffic.
  5. Normal Interface for the Master NGFW Engine’s own traffic.

Interfaces for Master NGFW Engines and Virtual Layer 2 Firewalls

Figure: Master NGFW Engine and Virtual Layer 2 Firewall architecture



In this example, the Master NGFW Engine has the following kinds of interfaces:

  1. Inline Interface for hosted Virtual Layer 2 Firewall traffic.
  2. Inline VLAN Interface for hosted Virtual Layer 2 Firewall traffic.
  3. Normal Interface for the Master NGFW Engine’s own traffic.