Interfaces
The firewall is shipped with physical and virtual interfaces. A physical interface, for example, Port1, PortA, or eth0. A virtual interface is a logical representation of an interface that lets you extend your network using existing ports. You can bind multiple IP addresses to a single physical interface using an alias. You can also create and configure interfaces that support Remote Ethernet Devices.
- To create a virtual interface or alias, click Add interface and select a type.
- To turn an interface on or off, click Menu
and select on or off. - To update an interface, click Menu and select Edit interface.
- To delete a virtual interface, click Menu and select Delete interface.
Updating and deleting interfaces
Updating interfaces may affect dependent configurations, including interface zone binding, DNS, gateway, interface-based hosts, VLAN interfaces, and dynamic DNS.
Deleting an interface will also remove all dependent configurations including interface zone binding, DHCP server or relay, interface-based firewall rule, ARP (static and proxy), protected servers, protected server-based firewall rules, interface-based hosts and references from host groups as well as unicast and multicast routes.
Deleting a virtual interface will delete the firewall rule defined for it.
Your network connections may be temporarily nonresponsive or unavailable after updating or deleting interfaces.
Virtual interfaces
|
Name |
Description |
|---|---|
|
Bridge |
Bridges enable you to configure transparent subnet gateways. |
|
LAG |
Link aggregation groups combine physical links into a logical link that connects the firewall to another network device. |
|
RED |
A Remote Ethernet Device (RED) provides a secure tunnel between a remote site and Sophos Firewall. The RED establishes a VPN back to the firewall so that anything connected to the RED is seen as part of the network. |
|
VLAN |
Virtual LANs are isolated broadcast domains within a network. You can create VLANs on physical interfaces, such as ports (for example, Port1, PortA, eth0), on RED interfaces, or on virtual interfaces, such as bridge or LAG. |
|
xfrm |
Virtual tunnel interface (VTI) that is used for route-based VPN tunnels. The interface is automatically created when you create an IPsec connection of the type Tunnel interface. |
Other interfaces
|
Name |
Description |
|---|---|
|
Wireless network |
A wireless network provides common connection settings for wireless clients. These settings include SSID, security mode, and the method for handling client traffic. When you create a network as a separate zone, the firewall creates a corresponding VXLAN tunnel. |
|
Cellular WAN |
Cellular WAN networks provide secure wireless broadband service to mobile devices. When you enable cellular WAN, the firewall creates the WWAN1 interface. |
|
Test access point (TAP) |
By deploying the firewall in discover mode, you can monitor all the network traffic
without making any changes to the network schema. You can enable discover mode and
configure a port through the console. The firewall lists the corresponding interface
as |
Interface status messages
|
Name |
Description |
|---|---|
|
Disabled |
Interface is currently not bound to any zone. |
|
Connected |
Interface is configured and connected. |
|
Connecting |
A new IP address is being leased. |
|
Disconnected |
IP address has been released. |
|
Disconnecting |
IP address is being released. |
|
Unplugged |
No physical connection. |
|
Not available |
FleXi Ports have been configured and the FleXi Port module has been removed. |