Skip to content

Edit physical interfaces

You can edit the general, IPv4, IPv6, and advanced settings of a physical interface.

General settings

Configure the following settings:

  1. Name: Enter a name. You can change this name later. You can use a maximum of 58 characters.

    Restriction

    The names of physical and virtual interfaces, wireless networks, and IP tunnels can't start with system-reserved names, such as port, eth, ge, and xfrm, except when the Name is the same as the Hardware name.

  2. Hardware: A physical interface, for example, Port1, PortA, or eth0. You can't change this later.

  3. Network zone: Zone assigned to the interface.

IPv4 configuration

  1. Select IPv4 configuration.
  2. Select the IP assignment method from the following options:

    • Static
    • PPPoE
    • DHCP

    Specify the IP address.

    1. Enter an IPv4 address for the interface.
    2. Change the subnet mask if you want.
    3. Enter a Gateway name.
    4. Enter a Gateway IP address.

    Obtain an IP address from a PPPoE server.

    1. Enter an IPv4 address for the interface.
    2. Change the subnet mask if you want.
    3. Enter the Preferred IP address for the PPPoE connection. Many internet service providers assign a static IP address to PPPoE connections. The firewall allows you to bind the static IP address to the PPPoE connection.

      Note

      An address other than the preferred IP address may be assigned to the PPPoE connection, depending on the PPPoE server configuration.

    4. Enter a Gateway name.

    5. Enter a Gateway IP address.
    6. Enter the PPPoE account username.
    7. Enter the PPPoE account password.
    8. Enter the Access concentrator/service name. The firewall initiates only those sessions with the access concentrator that can provide the specified service.
    9. Specify the LCP echo interval, in seconds, that the firewall must wait before it sends an echo request to check whether the link is alive. Once an attempt is made, the firewall waits for the defined time interval before the next attempt is made.
    10. In LCP failure, enter the number of echo request attempts. Once the firewall makes the specified number of attempts without receiving a response from the client, it disconnects the PPPoE connection.
    11. Enter the Schedule time for reconnect. The address assigned to a PPPoE connection, whether dynamic or static (preferred), can have a predefined validity period. Once the validity expires, the PPPoE connection is terminated and reconnected. To prevent reconnection during working hours, turn on the PPPoE reconnect schedule.

      When it reconnects, a dynamic address rather than the preferred IP address may be assigned to the PPPoE connection.

    12. Under DSL settings, turn on VDSL if you want the firewall to automatically create a VLAN for the PPPoE connection and then specify a VLAN tag for it. If you turn it on, you don't need to manually create a VLAN on Interface > Add interface > Add VLAN.

    Obtain an IP address from a DHCP server.

    1. Enter an IPv4 address for the interface.
    2. Change the subnet mask if you want.
    3. Enter a Gateway name.
    4. Enter a Gateway IP address.

IPv6 configuration

  1. Select IPv6 configuration.
  2. Select the IP assignment method from the following options:

    • Static
    • DHCP

    Specify the IP address.

    1. Enter an IPv6 address for the interface.
    2. Change the prefix if you want.
    3. Enter a Gateway name.
    4. Enter a Gateway IP address.

    Obtain an IP address from a DHCP server.

    1. Select the Mode to configure IPv6 address using stateful or stateless methods.
      • Auto: IPv6 address is automatically assigned to the interface according to the configuration method you use. The method can be DHCPv6 or Stateless Address Auto-Configuration (SLAAC) according to the Managed (M) Address Configuration and Other (O) Configuration flags advertised in the Router Advertisement (RA) message.
      • Manual: Select an option from the following based on your method (DHCPv6 or SLAAC) of assigning an IPv6 address to the interface:
        • With DHCP only, the firewall assigns the address and other parameters provided by the DHCPv6 server to the interface.
        • With Stateless, the firewall assigns the interface address using SLAAC based on the advertised RA message. You can select Accept other configuration from DHCP to configure other parameters using the DHCPv6 server.
    2. Turn on DHCP rapid commit if you want to use a two-message exchange (solicit and reply) rather than a four-message exchange (solicit, advertise, request, and reply). This option provides faster client configuration.

      Note

      You must turn on rapid commit in the DHCPv6 server.

    3. Enter an IPv6 address for the interface.

    4. Change the prefix if you want.
    5. Enter a Gateway name.
    6. Enter a Gateway IP address.

Advanced settings

IPv4 and IPv6 settings

Configure the following settings:

  • Interface speed: Interface speed for synchronization.

    Note

    Speed mismatch between the device and third-party routers and switches may result in errors or collisions, disconnection, increased latency, or slow performance.

  • MTU: MTU (Maximum Transmission Unit) value, in bytes. It's the largest packet size that a network can transmit. Packets larger than the specified value are divided into smaller packets before they're sent.

    Note

    If you change the MTU value of XFRM interfaces, make sure it's at least 113 bytes lower than the listening interface's MTU size.

    Example:

    Listening interface MTU: 1400

    XFRM MTU: 1287 or lower

    This prevents packet drop during FastPath offload if SSL/TLS decryption applies to the IPsec VPN traffic.

  • Override MSS: MSS (Maximum Segment Size), in bytes. It's the amount of data that can be transmitted in a TCP packet.

  • Use default MAC address: Use the default MAC address of the interface. By default, the first port included as a member port becomes the default MAC address.
  • Override default MAC address: Override the default MAC address of the interface and enter a new address. On factory reset, the address is reset to the default MAC address.

Only IPv6 settings

Configure the following settings:

  • DAD attempts: Number of consecutive Neighbor Solicitation messages sent while performing Duplicate Address Detection (DAD) on a tentative address.
  • Allowed RA servers: List of MAC or IPv6 addresses of Router Advertisement (RA) servers from which you want the interface to accept the stateless configuration.