Add IP addresses to Virtual Firewall interfaces

You can add one or more static IPv4 or IPv6 addresses for each Physical Interface, VLAN Interface, or Tunnel Interface on a Virtual Firewall.

You can optionally add loopback IP addresses to the Virtual Firewall. Loopback IP addresses allow you to assign IP addresses that do not belong to any directly connected networks to the Virtual Firewall. Loopback IP addresses are not connected to any physical interface and they do not create connectivity to any network. Any IP address that is not already used on another physical or VLAN interface in the same Virtual Firewall can be used as a loopback IP address. The same IP address can be used as a loopback IP address and as the IP address of a tunnel interface. Loopback IP addresses can be used as the IPv4 Identity for Authentication Requests or IPv6 Identity for Authentication Requests, the IPv4 Source for Authentication Requests or IPv6 Source for Authentication Requests, and the Default IP Address for Outgoing Traffic.

You might need to define a contact address if you enter a private static address and NAT is used to translate it to a different external IP address. The external IP address must be configured as the contact address if the IP address is used as a VPN endpoint.

  For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Right-click an NGFW Engine, then select Edit <element type>.
  2. Browse to Interfaces.
  3. Right-click a Physical Interface, VLAN Interface, or Tunnel Interface, then select New > IPv4 Address or New > IPv6 Address.
    Note: If you have added VLAN Interfaces to Physical Interfaces, add the IP Addresses to the VLAN Interfaces.
  4. Configure the settings, then click OK.
  5. Continue the configuration in one of the following ways:
    • If you are creating a new Virtual Firewall, or if you want to change the roles the different interfaces have in the configuration, select interface options for Virtual Firewall interfaces.
    • Otherwise, click Save and Refresh to transfer the configuration changes.

IP Address Properties dialog box (Virtual Firewall interface)

Use this dialog box to define the properties of a Virtual Firewall interface IP address.

Option Definition
Static Shows the IP address type.
IPv4 Address Enter the IPv4 Address.
IPv6 Address Enter the IPv6 Address.
Contact Addresses
  • Default — Used by default whenever a component that belongs to another Location connects to this interface.
  • Exceptions — If components from some Locations cannot use the Default contact address, click Exceptions to define Location-specific contact addresses.
Network Settings
  • Netmask — Automatically populated IP address or netmask length (1–32). You can change this value if needed.
  • Prefix Length — (IPv6 address only) Check the automatically filled-in Prefix Length and adjust it if necessary by entering a value between 0–128.
  • Network Address — The Network Address is automatically filled in and cannot be edited.
  • Broadcast IP Address — (IPv4 address only) The Broadcast IP Address is automatically filled in and cannot be edited.
Comment Adds a comment to the IP address.

Resolve IP Address From DNS Name dialog box

Use this dialog box to resolve an IP address from a DNS name.

Option Definition
DNS Name The DNS name that you want to resolve.
Resolve Select to display a list of IP addresses that the DNS name resolves to.
Note: The IP addresses are resolved by the computer running the Management Client.
IP Address Select the IP address that you want to use.