The firewall is shipped with physical and virtual interfaces. Examples of physical interfaces are Port1, PortA, and eth0. A virtual interface is a logical representation of an interface that lets you extend your network using existing ports. You can bind multiple IP addresses to a single physical interface using an alias. You can also create and configure interfaces that support Remote Ethernet Devices.
- To create a virtual interface or alias, click Add interface and select a type.
- To turn an interface on or off, click Menu and select on or off.
- To update an interface, click Menu and select Edit interface.
- To delete a virtual interface, click Menu and select Delete interface.
Updating and deleting interfaces
Updating interfaces may affect dependent configurations, including interface zone binding, DNS, gateway, interface-based hosts, VLAN interfaces, and dynamic DNS.
Deleting an interface also removes all dependent configurations, including interface zone binding, DHCP server or relay, interface-based firewall rules, ARP (static and proxy), protected servers, protected server-based firewall rules, interface-based hosts, and references from host groups, as well as unicast and multicast routes.
Deleting a virtual interface will delete the firewall rule defined for it.
Your network connections may be temporarily nonresponsive or unavailable after updating or deleting interfaces.
| Interface type | Description |
|---|---|
| Bridge | Bridges enable you to configure transparent subnet gateways. |
| LAG | Link aggregation groups combine physical links into a logical link that connects the firewall to another network device. |
| RED | A Remote Ethernet Device (RED) provides a secure tunnel between a remote site and Sophos Firewall. The RED establishes a VPN back to the firewall so that anything connected to the RED is seen as part of the network. |
| VLAN | Virtual LANs are isolated broadcast domains within a network. You can create VLANs on physical interfaces, such as ports (for example, Port1, PortA, eth0), on RED interfaces, or on virtual interfaces, such as bridge or LAG. |
| xfrm | Virtual tunnel interface (VTI) that is used for route-based VPN tunnels. The interface is automatically created when you create an IPsec connection of the type Tunnel interface. |
| Wireless network | A wireless network provides common connection settings for wireless clients. These settings include SSID, security mode, and the method for handling client traffic. When you create a network as a separate zone, the firewall creates a corresponding VXLAN tunnel. |
| Cellular WAN | Cellular WAN networks provide secure wireless broadband service to mobile devices. When you enable cellular WAN, the firewall creates the WWAN1 interface. |
| Test access point (TAP) | By deploying the firewall in discover mode, you can monitor all the network traffic without making any changes to the network schema. You can enable discover mode and configure a port through the console. The firewall lists the corresponding interface as “Discover, physical (TAP)”. |
Interface status messages
| Status | Description |
|---|---|
| Disabled | Interface is currently not bound to any zone. |
| Connected | Interface is configured and connected. |
| Connecting | A new IP address is being leased. |
| Disconnected | IP address has been released. |
| Disconnecting | IP address is being released. |
| Unplugged | No physical connection. |
| Not available | FleXi Ports have been configured and the FleXi Port module has been removed. |