Configuring interfaces for Virtual NGFW Engines

Physical interfaces in the properties of a Virtual NGFW Engine represent interfaces allocated to the Virtual NGFW Engine in the Master NGFW Engine.

All communication between Virtual NGFW Engine and the SMC is proxied by the Master NGFW Engine.

Physical interfaces for Virtual NGFW Engines are automatically created based on the interface configuration in the Master NGFW Engine properties. The number of physical interfaces depends on the number of interfaces allocated to the Virtual NGFW Engine in the Master NGFW Engine. You can optionally edit the automatically created physical interfaces.

You can add VLAN interfaces if the creation of VLAN interfaces for Virtual NGFW Engines is enabled in the Master NGFW Engine properties. On Virtual Firewalls, you can also optionally add tunnel interfaces for route-based VPNs.

By default, the interface definitions for the Virtual NGFW Engine are mapped to interfaces on the Master NGFW Engine in the order in which the interfaces are created on the Master NGFW Engine.

The interface configuration for Virtual NGFW Engines consists of the following main steps:
  1. Edit the automatically created physical interfaces.
  2. (Optional) Add the required number of VLANs.
  3. (Optional, Virtual Firewalls only) Define tunnel interfaces for route-based VPNs.
  4. (Virtual Firewalls only) Configure the IP address settings.
  5. (Optional, Virtual Firewalls only) Define Loopback IP addresses to assign IP addresses that do not belong to any directly connected networks to the virtual firewall.
  6. (Virtual Firewalls only) Select the interfaces that are used in particular roles.