Configuring interfaces for Virtual NGFW Engines

Physical interfaces in the properties of a Virtual NGFW Engine represent interfaces allocated to the Virtual NGFW Engine in the Master NGFW Engine.

All communication between the Virtual NGFW Engine and the SMC is proxied by the Master NGFW Engine.

Physical interfaces for Virtual NGFW Engines are automatically created based on the interface configuration in the Master NGFW Engine properties. The number of physical interfaces depends on the number of interfaces allocated to the Virtual NGFW Engine in the Master NGFW Engine. You can optionally edit the automatically created physical interfaces.

You can add VLAN interfaces if the creation of VLAN interfaces for Virtual NGFW Engines is enabled in the properties of the physical interface on the Master NGFW Engine.

Both IPv4 and IPv6 addresses are supported on Virtual Firewalls. You can define one or more static IP addresses for Virtual Firewall interfaces. On Virtual Firewalls, you can also optionally add tunnel interfaces for route-based VPNs.

You can optionally add loopback IP addresses to the Virtual Firewall. Loopback IP addresses allow you to assign IP addresses that do not belong to any directly connected networks to the Virtual Firewall. Loopback IP addresses are not connected to any physical interface and they do not create connectivity to any network. Any IP address that is not already used on another physical or VLAN interface in the same Virtual Firewall can be used as a loopback IP address. The same IP address can be used as a loopback IP address and as the IP address of a tunnel interface. Loopback IP addresses can be used as the IPv4 Identity for Authentication Requests or IPv6 Identity for Authentication Requests, the IPv4 Source for Authentication Requests or IPv6 Source for Authentication Requests, and the Default IP Address for Outgoing Traffic.
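The following Python check is an added example, not Forcepoint code and not an SMC API. It validates planned loopback IP addresses against the rule above: an address already used on a physical or VLAN interface of the same Virtual Firewall is rejected, while an address shared with a tunnel interface is accepted. The inventory layout and the names `INTERFACES` and `check_loopbacks` are assumptions made for illustration, and the addresses are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample inventory for one Virtual Firewall (hypothetical layout,
# not an SMC export format). Addresses come from documentation ranges.
INTERFACES = [
    {"name": "Interface 0", "kind": "physical",
     "addresses": ["192.0.2.1", "2001:db8:0:1::1"]},
    {"name": "VLAN 0.100", "kind": "vlan", "addresses": ["198.51.100.1"]},
    {"name": "Tunnel 1000", "kind": "tunnel", "addresses": ["203.0.113.10"]},
]


def check_loopbacks(interfaces, candidates):
    """Return {candidate: (ok, reason)} for each planned loopback IP address."""
    used = {}  # parsed address -> (interface name, kind)
    for iface in interfaces:
        for text in iface["addresses"]:
            addr = ipaddress.ip_address(text)
            # A physical or VLAN owner takes precedence over a tunnel owner.
            if addr not in used or iface["kind"] != "tunnel":
                used[addr] = (iface["name"], iface["kind"])

    results = {}
    for text in candidates:
        try:
            # Parsing normalizes IPv6 spellings, so a fully expanded address
            # still matches its compressed form in the inventory.
            addr = ipaddress.ip_address(text)
        except ValueError:
            results[text] = (False, "not a valid IPv4 or IPv6 address")
            continue
        owner = used.get(addr)
        if owner is None:
            results[text] = (True, "unused on this Virtual Firewall")
        elif owner[1] == "tunnel":
            # One address may serve as both loopback and tunnel interface IP.
            results[text] = (True, f"shared with {owner[0]}")
        else:
            results[text] = (False, f"already used on {owner[0]}")
    return results


if __name__ == "__main__":
    planned = ["10.255.0.1", "192.0.2.1", "203.0.113.10",
               "2001:0db8:0000:0001:0000:0000:0000:0001", "10.0.0.300"]
    for ip, (ok, reason) in check_loopbacks(INTERFACES, planned).items():
        print(f"{'OK  ' if ok else 'FAIL'} {ip}: {reason}")
```

Comparing parsed addresses rather than strings is what catches the expanded IPv6 spelling of an address that is already assigned to Interface 0.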

By default, the interface definitions for the Virtual NGFW Engine are mapped to interfaces on the Master NGFW Engine in the order in which the interfaces are created on the Master NGFW Engine.

The interface configuration for Virtual NGFW Engines consists of the following main steps:
  1. Edit the automatically created physical interfaces.
  2. (Optional) Add the required number of VLANs.
  3. (Optional, Virtual Firewalls only) Define tunnel interfaces for route-based VPNs.
  4. (Virtual Firewalls only) Configure the IP address settings.
  5. (Optional, Virtual Firewalls only) Define loopback IP addresses to assign IP addresses that do not belong to any directly connected networks to the Virtual Firewall.
  6. (Virtual Firewalls only) Select the interfaces that are used in particular roles.