Adding layer 2 physical interfaces for NGFW Engines in the Firewall/VPN role

Layer 2 physical interfaces on NGFW Engines in the Firewall/VPN role pick up traffic for inspection.

You can add one or more capture interfaces, inline IPS interfaces, and inline Layer 2 Firewall interfaces to NGFW Engines in the Firewall/VPN role.

Table 1. Types of layer 2 physical interfaces for NGFW Engines in the Firewall/VPN role

Interface type: Capture interface
Description: Capture interfaces listen to traffic that is not routed through the NGFW Engine, so the engine only sees a copy of the traffic and cannot stop it in the traffic path. Connections picked up through capture interfaces can instead be reset through reset interfaces.

Interface type: Inline IPS interface
Description: An inline interface is a pair of physical interfaces placed directly on the traffic path, so that traffic must pass through the interface to reach its destination. The NGFW Engine inspects the traffic coming in through one interface and either stops it or sends it out through the other interface.

The default action for network traffic in Access rules is Allow. Bypass mode can be used: if the interface is unable to process traffic, all traffic is allowed through without inspection (fail-open).

Interface type: Inline Layer 2 Firewall interface
Description: An inline interface is a pair of physical interfaces placed directly on the traffic path, so that traffic must pass through the interface to reach its destination. The NGFW Engine inspects the traffic coming in through one interface and either stops it or sends it out through the other interface.

The default action for network traffic in Access rules is Discard. Bypass mode cannot be used: if the interface is unable to process traffic, all traffic is blocked (fail-closed).

Configure layer 2 physical interfaces for firewalls in the following order, so that any Reset Interface or Logical Interface a later step refers to already exists:

  1. (Optional) Add Logical Interfaces.
  2. (Optional) Add Reset Interfaces for Capture Interfaces.
  3. Add Capture Interfaces, Inline IPS Interfaces, or Inline Layer 2 Firewall Interfaces.
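The following is an added example, not Forcepoint code and not the SMC API: it models the interface types from Table 1 and the ordering in the procedure above as a small Python checker. It flags a configuration that refers to a Reset Interface or Logical Interface that was not added first, rejects Bypass mode on an Inline Layer 2 Firewall interface, and works out what happens to traffic on each interface when the engine cannot process it, so you can see which interfaces fail open. Bypass mode is modelled as a per-interface boolean and an inline IPS interface without Bypass mode is assumed to fail closed; both are assumptions for the example, and all interface names are made up.

```python
"""Checker for layer 2 interface configurations (added example, not Forcepoint code)."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Union


class Disposition(Enum):
    INSPECTED = "inspected"            # engine healthy: Access rules apply
    PASSED_UNINSPECTED = "passed"      # fail-open: forwarded without inspection
    BLOCKED = "blocked"                # fail-closed: traffic is dropped
    COPY_ONLY = "copy_only"            # capture: engine sees a copy, cannot drop inline


@dataclass
class LogicalInterface:
    name: str


@dataclass
class ResetInterface:
    name: str


@dataclass
class CaptureInterface:
    name: str
    logical: Optional[str] = None      # step 1 is optional, so this may be unset
    reset: Optional[str] = None        # step 2 is optional, so this may be unset


@dataclass
class InlineInterface:
    name: str
    kind: str                          # "ips" or "l2fw"
    bypass: bool = False               # assumption: Bypass mode as a per-interface flag
    logical: Optional[str] = None

    @property
    def default_action(self) -> str:
        """Default Access rule action per Table 1."""
        return "Allow" if self.kind == "ips" else "Discard"


@dataclass
class EngineConfig:
    logical: List[LogicalInterface] = field(default_factory=list)
    reset: List[ResetInterface] = field(default_factory=list)
    capture: List[CaptureInterface] = field(default_factory=list)
    inline: List[InlineInterface] = field(default_factory=list)


def validate(cfg: EngineConfig) -> List[str]:
    """Return a list of problems; an empty list means the configuration is consistent."""
    problems: List[str] = []
    logical_names = {lg.name for lg in cfg.logical}
    reset_names = {r.name for r in cfg.reset}
    for c in cfg.capture:
        if c.logical and c.logical not in logical_names:
            problems.append(f"{c.name}: Logical Interface {c.logical!r} must be added first")
        if c.reset and c.reset not in reset_names:
            problems.append(f"{c.name}: Reset Interface {c.reset!r} must be added first")
    for i in cfg.inline:
        if i.kind not in ("ips", "l2fw"):
            problems.append(f"{i.name}: unknown inline interface kind {i.kind!r}")
        if i.kind == "l2fw" and i.bypass:
            problems.append(f"{i.name}: Bypass mode cannot be used on an Inline Layer 2 Firewall interface")
        if i.logical and i.logical not in logical_names:
            problems.append(f"{i.name}: Logical Interface {i.logical!r} must be added first")
    return problems


def disposition(iface: Union[CaptureInterface, InlineInterface],
                engine_can_process: bool) -> Disposition:
    """What happens to traffic on this interface when the engine can or cannot process it."""
    if isinstance(iface, CaptureInterface):
        return Disposition.COPY_ONLY                 # only a copy; resets go via Reset Interface
    if engine_can_process:
        return Disposition.INSPECTED
    if iface.kind == "ips" and iface.bypass:
        return Disposition.PASSED_UNINSPECTED        # fail-open, as Table 1 describes
    return Disposition.BLOCKED                       # fail-closed (assumed for IPS without Bypass)


def fail_open_interfaces(cfg: EngineConfig) -> List[str]:
    """Names of interfaces that would pass traffic uninspected if the engine fails."""
    return [i.name for i in cfg.inline
            if disposition(i, engine_can_process=False) is Disposition.PASSED_UNINSPECTED]


if __name__ == "__main__":
    # Constructed sample configuration following the three steps in order.
    cfg = EngineConfig(
        logical=[LogicalInterface("mirror")],
        reset=[ResetInterface("rst0")],
        capture=[CaptureInterface("cap0", logical="mirror", reset="rst0")],
        inline=[InlineInterface("ips0", "ips", bypass=True), InlineInterface("fw0", "l2fw")],
    )
    print("problems:", validate(cfg))
    print("fail-open on engine failure:", fail_open_interfaces(cfg))
```

Run `fail_open_interfaces` against a planned configuration before deploying it: every name it returns is a path where an engine failure turns the firewall into a wire, which is acceptable for a monitoring IPS pair but usually not for a segment the Layer 2 Firewall is meant to isolate.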