Add loopback IP addresses for Virtual Firewalls

Loopback IP addresses allow you to assign IP addresses that do not belong to any directly-connected networks to the Virtual Firewall.

Loopback IP addresses are not connected to any physical interface and they do not create connectivity to any network.

You can add several loopback IP addresses to each Virtual Firewall.
Any IP address that is not already used on another Physical or VLAN Interface in the same Virtual Firewall can be used as a loopback IP address.
The same IP address can be used as a loopback IP address and as the IP address of a Tunnel Interface.
Loopback IP addresses can be used as the Identity for Authentication Requests, the Source for Authentication Requests, and the Default IP Address for Outgoing Traffic.

For more details about the product and how to configure features, click Help or press F1.

Steps

Right-click a Virtual Firewall, then select Edit Virtual Firewall.
In the navigation pane on the left, browse to Interfaces > Loopback.
Click Add.
A row is added to the table.
Click the Loopback Address cell, then enter the loopback IP address.

Note: If the IP address you want to use as a loopback IP address is already used on another Physical or VLAN interface, you must remove the IP address from the interface configuration before using it as a loopback IP address.
Click OK.
Continue the configuration in one of the following ways:
- If you are configuring a new Virtual NGFW Engine, click Save, close the Engine Editor, then add routes for the Master NGFW Engine.
- Otherwise, click Save and Refresh.

Engine Editor – Interfaces – Loopback

Use this branch to define loopback IP addresses for Firewalls. Loopback IP addresses allow you to assign IP addresses that do not belong to any directly connected networks to the Firewall.

Option	Definition
Bypass Default IP Address	Specifies how the source IP address for traffic sent from the engine node is selected for tunnel interfaces that do not have IP addresses. Use Loopback IP Address in Unnumbered Tunnel Interface — Uses an IP address listed in the table as the source IP address of traffic sent from the engine node. Use Default Outgoing IP Address in Unnumbered Tunnel Interface — Uses the default outgoing IP address defined in the Interface Options pane as the source IP address of traffic sent from the engine node. Click Add Row to add a row to the table, or Remove Row to remove the selected row.

Option

Definition

Bypass Default IP Address

Specifies how the source IP address for traffic sent from the engine node is selected for tunnel interfaces that do not have IP addresses.

Use Loopback IP Address in Unnumbered Tunnel Interface — Uses an IP address listed in the table as the source IP address of traffic sent from the engine node.
Use Default Outgoing IP Address in Unnumbered Tunnel Interface — Uses the default outgoing IP address defined in the Interface Options pane as the source IP address of traffic sent from the engine node.

Click Add Row to add a row to the table, or Remove Row to remove the selected row.