Interfaces

The firewall is shipped with physical and virtual interfaces. A physical interface is a port, for example, Port1, PortA, or eth0. A virtual interface is a logical representation of an interface that lets you extend your network using existing ports. You can bind multiple IP addresses to a single physical interface using an alias. You can also create and configure interfaces that support Remote Ethernet Devices.

  • To create a virtual interface or alias, click Add interface and select a type.
  • To turn an interface on or off, click the menu button and select on or off.
  • To update an interface, click the menu button and select Edit interface.
  • To delete a virtual interface, click the menu button and select Delete interface.

Updating and deleting interfaces

Updating interfaces may affect dependent configurations, including interface zone binding, DNS, gateway, interface-based hosts, VLAN interfaces, and dynamic DNS.

Deleting an interface will also remove all dependent configurations, including interface zone binding, DHCP server or relay, interface-based firewall rule, ARP (static and proxy), protected servers, protected server-based firewall rules, interface-based hosts and references from host groups, as well as unicast and multicast routes.

Deleting a virtual interface will delete the firewall rule defined for it.

Your network connections may be temporarily nonresponsive or unavailable after updating or deleting interfaces.

Virtual interfaces

Table 1. Virtual interfaces

| Name | Description |
|------|-------------|
| Bridge | Bridges enable you to configure transparent subnet gateways. |
| LAG | Link aggregation groups combine physical links into a logical link that connects the firewall to another network device. |
| RED | A Remote Ethernet Device is a network appliance that provides a secure tunnel between a remote site and the firewall. The RED establishes a VPN back to the firewall so that anything connected to the RED is seen as part of the network. |
| VLAN | Virtual LANs are isolated broadcast domains within a network. You can create VLANs on physical interfaces, such as ports (for example, Port1, PortA, eth0), on RED interfaces, or on virtual interfaces, such as bridge or LAG. |
| xfrm | Virtual tunnel interface (VTI) that is used for route-based VPN tunnels. The interface is automatically created when you create an IPsec connection of the type Tunnel interface. |

Other interfaces

Table 2. Other interfaces

| Name | Description |
|------|-------------|
| Wireless network | A wireless network provides common connection settings for wireless clients. These settings include SSID, security mode, and the method for handling client traffic. When you create a network as a separate zone, the firewall creates a corresponding VXLAN tunnel. |
| Cellular WAN | Cellular WAN networks provide secure wireless broadband service to mobile devices. When you enable cellular WAN, the firewall creates the WWAN1 interface. |
| Test access point (TAP) | By deploying the firewall in discover mode, you can monitor all the network traffic without making any changes to the network schema. You can enable discover mode and configure a port through the console. The firewall lists the corresponding interface as “Discover, physical (TAP)”. |

Interface status messages

Table 3. Interface status messages

| Name | Description |
|------|-------------|
| Disabled | Interface is currently not bound to any zone. |
| Connected | Interface is configured and connected. |
| Connecting | A new IP address is being leased. |
| Disconnected | IP address has been released. |
| Disconnecting | IP address is being released. |
| Unplugged | No physical connection. |
| Not available | FleXi Ports have been configured and the FleXi Port module has been removed. |