Configuring Virtual Firewall interfaces

Physical interfaces in the properties of a Virtual Firewall represent interfaces allocated to the Virtual Firewall in the Master NGFW Engine.

All communication between Virtual Firewalls and the SMC is proxied by the Master NGFW Engine. Physical interfaces for the Virtual Firewall are automatically created based on the interface configuration in the Master NGFW Engine properties. The number of physical interfaces depends on the number of interfaces allocated to the Virtual Firewall in the Master NGFW Engine. You can optionally edit the automatically created physical interfaces.

In addition to the automatically created physical interfaces, you can add the following types of interfaces to Virtual Firewalls:
  • You can add VLAN interfaces if the creation of VLAN interfaces for Virtual Firewalls is enabled in the Master NGFW Engine Properties.
  • You can optionally add tunnel interfaces for route-based VPNs.

Both IPv4 and IPv6 addresses are supported on Virtual Firewalls. You can define one or more static IP addresses for Virtual Firewall interfaces.

You can optionally add loopback IP addresses to the Virtual Firewall. Loopback IP addresses allow you to assign IP addresses that do not belong to any directly connected networks to the Virtual Firewall. Loopback IP addresses are not connected to any physical interface and they do not create connectivity to any network. Any IP address that is not already used on another physical or VLAN interface in the same Virtual Firewall can be used as a loopback IP address. The same IP address can be used as a loopback IP address and as the IP address of a tunnel interface. Loopback IP addresses can be used as the Identity for Authentication Requests, the Source for Authentication Requests, and the Default IP Address for Outgoing Traffic.
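The loopback address rule described above can be checked against a planned address list before it is configured. This is an added example, not Forcepoint code or an SMC API; the interface dictionaries, interface names and addresses are a hypothetical, constructed model.

```python
import ipaddress

# Only physical and VLAN interface addresses block reuse as a loopback
# address; a tunnel interface may share its address with a loopback.
BLOCKING_KINDS = {"physical", "vlan"}

# Constructed sample data (documentation address ranges), hypothetical model.
SAMPLE_INTERFACES = [
    {"name": "Interface 0", "kind": "physical",
     "addresses": ["192.0.2.1/24", "2001:db8::1/64"]},
    {"name": "VLAN 1.100", "kind": "vlan", "addresses": ["198.51.100.1/24"]},
    {"name": "Tunnel 1000", "kind": "tunnel", "addresses": ["203.0.113.10/32"]},
]
SAMPLE_LOOPBACKS = [
    "203.0.113.10",                             # shared with a tunnel: allowed
    "198.51.100.1",                             # collides with a VLAN interface
    "2001:0db8:0000:0000:0000:0000:0000:0001",  # same address as 2001:db8::1
    "10.255.0.1",                               # unused: allowed
]

def check_loopbacks(interfaces, loopbacks):
    """Return (address, reason) pairs for loopback candidates that are
    already used on a physical or VLAN interface of the same Virtual Firewall."""
    used = {}
    for itf in interfaces:
        if itf["kind"] not in BLOCKING_KINDS:
            continue
        for addr in itf["addresses"]:
            # ip_interface accepts "addr" and "addr/prefix"; compare hosts only.
            used[ipaddress.ip_interface(addr).ip] = itf["name"]
    problems = []
    for text in loopbacks:
        try:
            # Parsing normalizes the text form, so expanded and compressed
            # IPv6 spellings of one address compare equal.
            ip = ipaddress.ip_address(text)
        except ValueError:
            problems.append((text, "not a valid IPv4 or IPv6 address"))
            continue
        if ip in used:
            problems.append((text, f"already used on {used[ip]}"))
    return problems

if __name__ == "__main__":
    for address, reason in check_loopbacks(SAMPLE_INTERFACES, SAMPLE_LOOPBACKS):
        print(f"{address}: {reason}")
```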

By default, the interface definitions for the Virtual Firewall are mapped to interfaces on the Master NGFW Engine in the order in which the interfaces are created on the Master NGFW Engine.