Configure interfaces for connections to other networks

Interfaces for each Ethernet port on the NGFW appliance are automatically included in the interface table. You must add IP addresses and configure routing for connections to other networks.

Before you begin

If the other network is not directly connected to the NGFW Engine, create a Router element to represent your network switch or router and a network element to represent the other network.

CAUTION:
The interface for control connections can only have one IP address. Do not add additional IP addresses or VLANs to the interface for control connections.

Steps

  1. Browse to NGFW > Interfaces.
  2. In the interface table below the appliance image, click an interface, then select Add IP Address and Network.
  3. Enter the IP address and netmask in CIDR notation, then click Save.
    Example: 192.168.1.1/24
  4. If the network is not directly connected to the NGFW Engine, configure routing.
    1. Click the connected network, select Add Gateway, then select your Router element.
    2. Click the gateway, select Add Route Target, then select your Network element.
  5. Continue the configuration in one of the following ways:
    • If you are configuring interfaces for the first time, click:

    • Otherwise, click:

Example

Fields marked with an asterisk in the user interface are mandatory.

Table 1. Interfaces & Routing page
Option Definition
Adds an interface to the interfaces table. If you change the number of Ethernet ports on the NGFW appliance, such as by replacing a 4-port interface module with an 8-port interface module, you must add interfaces to represent the new Ethernet ports.
  • Interface — Adds a physical interface. Opens the New Interface dialog.
  • Interface with VLANs — Adds a physical interface with a placeholder for adding VLAN interfaces later. Opens the New Interface With VLANs dialog.
  • Tunnel Interface — This option is not yet supported.
Appliance image

Shows the ports on the NGFW appliance for which you can configure interfaces. When you select an interface in the interface table, the corresponding port is highlighted in the image.
Interface table

Allows you to configure the IP addresses, networks, and routing for each interface.
Physical Interface

(When interface type is Physical Interface)

Shows the interface ID of the physical interfaces. The following actions are available when you click the interface:
  • Add IP Address and Network — Adds an IP address and a Network element to the interface. Opens the New IP Address and Netmask dialog box.
  • Convert to Interface With VLANs — Removes any IP addresses that have been specified and converts the interface to an interface with VLANs.
  • Properties: Interface — Opens the interface properties.
  • Remove Interface — Removes the interface from the configuration.
Physical Interface

(When interface type is Physical Interface with VLAN interfaces)

Shows the interface ID of the physical interfaces and the VLAN interfaces under them.

The following actions are available when you click the physical interface:

  • Add VLAN Interface — Adds a VLAN interface.
  • Convert to Interface — Converts the interface with VLANs to an interface. There can be a maximum of one VLAN Interface when you convert the interface.
  • Properties: Interface with VLANs — Opens the interface properties.
  • Remove Interface — Removes the interface from the configuration.

The following actions are available when you click the VLAN interface:

  • Add IP Address and Network — Adds an IP address and a Network element to the interface. Opens the New IP Address and Netmask dialog box.
  • Properties: VLAN Interface — Opens the VLAN interface properties.
  • Remove VLAN Interface — Removes the VLAN interface.
IP Address

Shows the IP address of the physical interface or VLAN interface. The following actions are available when you click the IP address:
  • Properties: Static Address — Allows you to add a static IP address to the interface.
  • Remove IP Address and Network — Removes the IP address from the interface configuration.
Connected Network

Shows the network range of the directly connected network. The following options are available when you click the network:
  • Add Gateway — Allows you to add a route through a gateway device to a network that is not directly connected.
  • Properties: Network — Opens the properties of the Network element.
Gateway

Shows the gateway device through which the NGFW Engine connects to a network that is not directly connected. The following actions are available when you click the gateway:
  • Add Route Target — Allows you to specify the IP addresses that are reachable through the gateway device.
  • Properties: <element type> — Opens the properties of the element that represents the gateway device.
  • Remove Gateway — Removes the gateway device from the interface configuration. The element is not deleted.
Route Target

Shows the IP addresses that are reachable through the gateway device. The following options are available when you click the route target:
  • Properties: <element type> — Opens the properties of the element that represents the IP addresses.
  • Remove Route Target — Removes the route target from the interface configuration. The element is not deleted.
Table 2. Interface properties
Option Definition
Interface ID

(When interface type is Physical Interface)

The Interface ID automatically maps to a physical network port on the appliance.
VLAN ID

(When interface type is VLAN Interface)

Specifies the VLAN ID (1–4094). The VLAN IDs must be the same as the VLAN IDs that are used in the switch at the other end of the VLAN trunk. Each VLAN Interface is identified as Interface-ID.VLAN-ID, for example, 2.100 for Interface ID 2 and VLAN ID 100.
Interface Options

(Optional)

Advanced options for interface configuration.
MTU

The maximum transmission unit (MTU) size on the connected link. Enter a value between 576 and 65000.
Zone

The network zone to which the interface belongs. By default, Interface 0 belongs to the external zone. All other interfaces belong to the internal zone.
Antispoofing Elements

This option is not yet supported.
Route Replies Back

This option is not yet supported.
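
The limits stated on this page (one IP address and no VLANs on the control interface, VLAN ID 1 to 4094, MTU 576 to 65000, a gateway reached through a connected network) can be checked against a planned layout before it is entered in the interface table. The following Python check is an added example, not part of the product or its documentation; the plan layout, the `check_plan` function and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Limits quoted on the page.
VLAN_IDS = range(1, 4095)      # VLAN ID 1-4094
MTU_SIZES = range(576, 65001)  # MTU 576-65000

def check_plan(control_id, entries):
    """Return a list of problems in a planned interface layout.

    control_id is the Interface ID used for control connections. Each entry
    is a dict with "id", optional "vlan_id" and "mtu", "addresses" (CIDR
    strings) and "routes" ((gateway, target) pairs). Hypothetical layout.
    """
    problems = []
    for e in entries:
        vlan = e.get("vlan_id")
        # The page names VLAN interfaces Interface-ID.VLAN-ID, e.g. 2.100.
        name = str(e["id"]) if vlan is None else f"{e['id']}.{vlan}"
        if vlan is not None and vlan not in VLAN_IDS:
            problems.append(f"{name}: VLAN ID must be 1-4094")
        if "mtu" in e and e["mtu"] not in MTU_SIZES:
            problems.append(f"{name}: MTU must be 576-65000")
        addrs = [ipaddress.ip_interface(a) for a in e.get("addresses", [])]
        if e["id"] == control_id:
            if vlan is not None:
                problems.append(f"{name}: no VLANs on the control interface")
            if len(addrs) > 1:
                problems.append(f"{name}: control interface takes one IP address")
        nets = [a.network for a in addrs]
        for gateway, target in e.get("routes", []):
            gw = ipaddress.ip_address(gateway)
            dst = ipaddress.ip_network(target)
            # A gateway is added under a connected network, so it must sit in one.
            if not any(gw in n for n in nets):
                problems.append(f"{name}: gateway {gw} is not on a connected network")
            if any(n.version == dst.version and dst.subnet_of(n) for n in nets):
                problems.append(f"{name}: {dst} is directly connected, no gateway needed")
    return problems

# Constructed sample plan (addresses are illustrative only).
SAMPLE = [
    {"id": 0, "addresses": ["192.168.1.1/24", "192.168.1.2/24"]},
    {"id": 1, "addresses": ["10.0.1.1/24"], "mtu": 1500,
     "routes": [("10.0.1.254", "10.0.50.0/24"), ("10.0.9.1", "10.0.60.0/24")]},
    {"id": 2, "vlan_id": 4095, "addresses": ["172.16.0.1/24"]},
]

if __name__ == "__main__":
    for line in check_plan(0, SAMPLE):
        print(line)
```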

Next steps

If you are configuring the NGFW Engine for the first time, configure the policy for the NGFW Engine.