Manualshelf

Installation guide

ManualsBrandsMcafee ManualsOtherFIREWALL 2.1-GETTING STARTED
71727374757677787980
80
Chapter 8 Configuring Master Engines and Virtual Layer 2 Firewalls
Adding VLAN Interfaces for Virtual Layer 2 Firewalls
VLAN Interfaces can only be added for Virtual Layer 2 Firewalls if the creation of VLAN Interfaces
for Virtual Layer 2 Firewalls is enabled in the Master Engine Properties. VLANs divide a single
physical network link into several virtual links. The maximum number of VLANs for a single
Physical Interface is 4094. The VLANs must also be defined in the configuration of the switch/
router to which the interface is connected.
To add a VLAN Interface for a Virtual Layer 2 Firewall
1. Switch to the Interfaces tab.
2. Right-click a Physical Interface and select NewVLAN Interface. The VLAN Interface
Properties dialog opens.
3. Enter the VLAN ID (1-4094). The VLAN IDs you add must be the same as the VLAN IDs that
are used in the switch at the other end of the VLAN trunk.
Each VLAN Interface is identified as
Interface-ID.VLAN-ID, for example 2.100 for
Interface ID 2 and VLAN ID 100.
4. If your configuration requires you to change the Logical Interface from Default_Eth, select
the Logical Interface in one of the following ways:
Select an existing Logical Interface from the list.
Select Other and browse to another Logical Interface.
Select New to create a new Logical Interface.
5. (Optional, only if Physical Interface Type is Inline Interface) Enter a VLAN ID for the Second
Interface in the Inline Interface if you want to remap the Inline Interface.
By default, this value is inherited from the first VLAN ID. We recommend that you keep the
default value if you do not have a specific reason to change it.
6. Click OK. The specified VLAN ID is added to the Physical Interface.
7. (Optional) Repeat the steps above to add further VLAN Interfaces.
Note – You cannot add VLAN Interfaces on top of other VLAN Interfaces. Depending on the
configuration of the Master Engine that hosts the Virtual Layer 2 Firewall, you may not be
able to create valid VLAN Interfaces for the Virtual Layer 2 Firewall. See Adding a Master
Engine Element (page 69).
What’s Next?
If the Security Engine licenses for the Master Engine were generated based on the POL
code of the Management Server (instead of the Master Engine’s POS code), proceed to
Binding Engine Licenses to Correct Elements (page 81).
Otherwise, you are ready to transfer the configuration to the physical Master Engine
nodes. Proceed to Saving the Initial Configuration (page 83).