Interfaces
The firewall is shipped with physical and virtual interfaces. A physical interface is a port, for example, Port1, PortA, or eth0. A virtual interface is a logical representation of an interface that lets you extend your network using existing ports. You can bind multiple IP addresses to a single physical interface using an alias. You can also create and configure interfaces that support Remote Ethernet Devices.
- To create a virtual interface or alias, click Add interface and select a type.
- To turn an interface on or off, click Menu and select on or off.
- To update an interface, click Menu and select Edit interface.
- To delete a virtual interface, click Menu and select Delete interface.
Updating and deleting interfaces
Updating interfaces may affect dependent configurations, including interface zone binding, DNS, gateway, SD-WAN routes and profiles, interface-based hosts, VLAN interfaces, and dynamic DNS.
Deleting an interface will also remove all dependent configurations, including interface zone binding, DHCP server or relay, interface-based firewall rule, ARP (static and proxy), protected servers, protected server-based firewall rules, interface-based hosts, references from host groups, and unicast and multicast routes.
Deleting a virtual interface will delete the firewall rule defined for it.
After updating or deleting interfaces, your network connections may become temporarily unresponsive or unavailable.
Virtual interfaces
Name | Description |
---|---|
Bridge | Bridges enable you to configure transparent subnet gateways. |
LAG | Link aggregation groups combine physical links into a logical link that connects the firewall to another network device. |
RED | A Remote Ethernet Device (RED) provides a secure tunnel between a remote site and Sophos Firewall. The RED establishes a VPN connection between itself and the firewall. The VPN connection ensures that any device connected to the RED is seen as part of the network. |
VLAN | Virtual LANs are isolated broadcast domains within a network. You can create VLANs on physical interfaces, such as ports (for example Port1, PortA, eth0), RED interfaces, or virtual interfaces, such as bridge or LAG. |
xfrm | XFRM interfaces, also called virtual tunnel interfaces (VTIs), are used for route-based VPN tunnels. An XFRM interface is automatically created when you create an IPsec connection of the type Tunnel interface. |
Other interfaces
Name | Description |
---|---|
Wireless network | A wireless network provides common connection settings for wireless clients. These settings include SSID, security mode, and the method for handling client traffic. When you create a network as a separate zone, the firewall creates a corresponding VXLAN tunnel. |
Cellular WAN | Cellular WAN networks provide secure wireless broadband service to mobile devices. When you enable cellular WAN, the firewall creates the WWAN1 interface. |
Test access point (TAP) | By deploying the firewall in discover mode, you can monitor all the network traffic without making any changes to the network schema. You can turn on discover mode and configure a port through the console. The firewall lists the corresponding interface as “Discover, physical (TAP).” |
Interface status messages
Name | Description |
---|---|
Disabled | Interface is currently not bound to any zone. |
Connected | Interface is configured and connected. |
Connecting | A new IP address is being leased. |
Disconnected | IP address has been released. |
Disconnecting | IP address is being released. |
Unplugged | No physical connection. WiFi interface: No access point is connected, or an access point is connected, but no wireless network is assigned. |
Not available | FleXi Ports have been configured and the FleXi Port module has been removed. |