Skip to content

Interfaces

The firewall is shipped with physical and virtual interfaces. A physical interface, for example, Port1, PortA, or eth0. A virtual interface is a logical representation of an interface that lets you extend your network using existing ports. You can bind multiple IP addresses to a single physical interface using an alias. You can also create and configure interfaces that support Remote Ethernet Devices.

  • To create a virtual interface or alias, click Add interface and select a type.
  • To turn an interface on or off, click Menu Menu button. and select on or off.
  • To update an interface, click Menu Menu button. and select Edit interface.
  • To delete a virtual interface, click Menu Menu button. and select Delete interface.

Note

Configuring more than one WAN interface in the same subnet results in ARP issues, making the gateways unreachable. For example, if your ISP offers public IP addresses belonging to the same subnet, you need to use alias or LAG interfaces.

Updating and deleting interfaces

Updating interfaces may affect dependent configurations, including interface zone binding, DNS, gateway, SD-WAN routes and profiles, interface-based hosts, VLAN interfaces, and dynamic DNS.

Deleting an interface will also remove all dependent configurations, including interface zone binding, DHCP server or relay, interface-based firewall rule, ARP (static and proxy), protected servers, protected server-based firewall rules, interface-based hosts, references from host groups, and unicast and multicast routes.

Deleting a virtual interface will delete the firewall rule defined for it.

After updating or deleting interfaces, your network connections may become temporarily unresponsive or unavailable.

Virtual interfaces

Name Description
Bridge Bridges enable you to configure transparent subnet gateways.
LAG Link aggregation groups combine physical links into a logical link that connects the firewall to another network device.
RED A Remote Ethernet Device (RED) provides a secure tunnel between a remote site and Sophos Firewall. The RED establishes a VPN connection between itself and the firewall. The VPN connection ensures that any device connected to the RED is seen as part of the network.
VLAN Virtual LANs are isolated broadcast domains within a network. You can create VLANs on physical interfaces, such as ports (for example Port1, PortA, eth0), RED interfaces, or virtual interfaces, such as bridge or LAG.
xfrm XFRM interfaces, also called virtual tunnel interfaces (VTIs), are used for route-based VPN tunnels. An XFRM interface is automatically created when you create an IPsec connection of the type Tunnel interface.

Other interfaces

Name Description
Wireless network A wireless network provides common connection settings for wireless clients. These settings include SSID, security mode, and the method for handling client traffic. When you create a network as a separate zone, the firewall creates a corresponding VXLAN tunnel.
Cellular WAN Cellular WAN networks provide secure wireless broadband service to mobile devices. When you enable cellular WAN, the firewall creates the WWAN1 interface.
Test access point (TAP) By deploying the firewall in discover mode, you can monitor all the network traffic without making any changes to the network schema. You can turn on discover mode and configure a port through the console. The firewall lists the corresponding interface as “Discover, physical (TAP).”

Interface status messages

Name Description
Disabled Interface is currently not bound to any zone.
Connected Interface is configured and connected.
Connecting A new IP address is being leased.
Disconnected IP address has been released.
Disconnecting IP address is being released.
Unplugged

No physical connection.

WiFi interface: No access point is connected, or an access point is connected, but no wireless network is assigned.

Not available FleXi Ports have been configured and the FleXi Port module has been removed.

More resources