The Interfaces & Routing > Interfaces > Hardware tab lists all configured interfaces showing information such as the Ethernet mode of operation or the MAC address. On Sophos UTM on AWS hardware devices, for each interface, auto negotiation can be enabled or disabled.
Auto Negotiation: Usually, the Ethernet mode of operation (1000BASE-T full-duplex, 100BASE-T full-duplex, 100BASE-T half-duplex, 10BASE-T full-duplex, 10BASE-T half-duplex, and so on) between two network devices is automatically negotiated by choosing the best possible mode of operation supported by both devices, where higher speed (e.g. 1000 Mbit/sec) is preferred over lower speed (e.g. 100 Mbit/sec), and full duplex is preferred over half duplex at the same speed.
Caution – For proper 1000 Mbit/sec operation, auto negotiation is always required and mandatory by IEEE Std 802.3ab. Thus, be careful to never switch Auto Negotiation off for any interface with Link mode 1000BASE-T. The timing of your network link may fail, causing service degradation or failure. For 100 Mbit/sec and 10 Mbit/sec operation, auto negotiation is optional, but still recommended for use whenever possible.
Auto negotiation is enabled by default. In the rare case that you need to switch it off, click the Edit button of the corresponding interface card and change the setting in the appearing dialog box Edit NIC Parameters via the drop-down list Link Mode. Note that the drop-down list is only available with Sophos UTM on AWS hardware devices. Click Save to save your changes.
Caution – Be careful when disabling auto negotiation, as this might lead to mismatches, resulting in a significant performance decrease or even disconnect. If the respective network interface card is your interface to WebAdmin you may lose access to WebAdmin!
In case one of your interfaces lost its network link due to manipulation of auto negotiation or speed settings, just changing the settings back will typically not bring the interface back to normal operation: Changing auto negotiation or speed settings on disconnected interfaces is not reliable. Therefore first switch on auto negotiation and then reboot Sophos UTM on AWS to bring back normal operation.
HA Link Monitoring: If high availability is enabled, all configured interfaces are monitored for link status. In case of a link failure, a takeover is triggered. If a configured interface is not always connected (e.g. management interface) please disable HA link monitoring for the corresponding interface. Otherwise all HA nodes will stay in status UNLINKED. To disable HA link monitoring click the Edit button of the corresponding interface card and change the setting in the appearing dialog box Edit NIC Parameters. Click Save to save your changes.
Set Virtual MAC: Sometimes it is useful to be able to change the MAC address of a device. For example, there are some ISPs where the modem must be reset when the device connected to it changes and by that the MAC address of that device. By setting the MAC address to the value of the former device, a reset of the modem can be avoided.
Sophos UTM on AWS, however, does not overwrite the original MAC address of the device but instead sets a virtual MAC address. To do so, click the Edit button of the corresponding interface card. In the appearing dialog box Edit NIC Parameters, select the checkbox Set Virtual MAC and enter a valid MAC address. Click Save to save your changes.
To restore the original MAC address, click the Edit button of the corresponding interface card. In the appearing dialog box Edit NIC Parameters, unselect the checkbox Set Virtual MAC. Click Save to save your changes.
Enable Power over Ethernet (PoE): This option is only available if the configured interfaces support PoE. If enabled, you can provide connected access points with electric power and data through one Ethernet cable.
Note – Power over Ethernet requires an additional power adapter in the Sophos UTM on AWS appliance. If the PoE interface runs without power adapter, the interface works as an normal LAN port without PoE support.