Add loopback IP addresses for Firewall Clusters
You can optionally define one or more loopback IP addresses for the Firewall Cluster.
Any IP address that is not already used as a Cluster Virtual IP Address (CVI) or Node Dedicated IP Address (NDI) on another interface can be used as a loopback IP address. The same IP address can be used as a loopback IP address and as the IP address of a Tunnel Interface.
Whether to define a CVI or NDI loopback address depends on the traffic for which the loopback IP address is used:
- A CVI loopback IP address is used for loopback traffic that is sent to the whole cluster. All the nodes in the cluster share it.
- An NDI loopback IP address is used for loopback traffic that is sent to a specific node in the cluster. NDI loopback IP addresses must be unique for each node.
Note: If the IP address you want to use as a loopback IP address is already used as a CVI or NDI on another interface, you must remove the IP address from the interface configuration before using it as a loopback IP address.
If you use NDI loopback IP addresses, you must define an NDI loopback IP address for all nodes.
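The rules above can be checked before a configuration is committed. The following is an added example, not part of the product documentation or the product's API: the dictionary layout and the function name `validate_loopbacks` are assumptions, and all addresses are constructed from documentation ranges.

```python
import ipaddress

def validate_loopbacks(cluster):
    """Return a list of rule violations for a (hypothetical) cluster description."""
    problems = []
    nodes = set(cluster["nodes"])
    # Addresses already bound as CVI or NDI on other interfaces.
    in_use = {}
    for iface in cluster["interfaces"]:
        for kind in ("cvi", "ndi"):
            for ip in iface.get(kind, []):
                in_use[ipaddress.ip_address(ip)] = f"{kind.upper()} on interface {iface['id']}"

    def check_free(ip_text, label):
        ip = ipaddress.ip_address(ip_text)  # normalizes equivalent spellings
        if ip in in_use:
            problems.append(f"{label} {ip} is already used as {in_use[ip]}")
        return ip

    # CVI loopbacks are shared by all nodes; only the collision rule applies.
    for ip_text in cluster.get("cvi_loopbacks", []):
        check_free(ip_text, "CVI loopback")

    # Each NDI loopback entry maps node id -> address.
    for i, entry in enumerate(cluster.get("ndi_loopbacks", [])):
        seen = {}
        for node, ip_text in sorted(entry.items()):
            ip = check_free(ip_text, f"NDI loopback (node {node})")
            if ip in seen:  # must be unique for each node
                problems.append(f"NDI loopback {ip} is shared by nodes {seen[ip]} and {node}")
            seen.setdefault(ip, node)
        missing = nodes - set(entry)  # must be defined for all nodes
        if missing:
            problems.append(f"NDI loopback #{i} has no address for node(s) {sorted(missing)}")
    return problems

# Constructed sample: two-node cluster. Tunnel interface addresses are
# deliberately not treated as "in use", since sharing them is allowed.
SAMPLE = {
    "nodes": [1, 2],
    "interfaces": [{"id": 0, "cvi": ["192.0.2.1"], "ndi": ["192.0.2.11", "192.0.2.12"]}],
    "tunnel_interfaces": [{"id": 1000, "ip": "198.51.100.1"}],
    "cvi_loopbacks": ["198.51.100.1", "192.0.2.1"],
    "ndi_loopbacks": [{1: "203.0.113.1", 2: "203.0.113.1"}, {1: "203.0.113.5"}],
}

if __name__ == "__main__":
    for problem in validate_loopbacks(SAMPLE):
        print(problem)
```
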
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Editor – Interfaces – Loopback
Use this branch to define loopback IP addresses for Firewalls. Loopback IP addresses allow you to assign IP addresses that do not belong to any directly connected networks to the Firewall.
Option | Definition |
---|---|
Bypass Default IP Address | Specifies how the source IP address for traffic sent from the engine node is selected for tunnel interfaces that do not have IP addresses. |