End-of-Life (EoL)

Configure a Virtual Wire

The following task shows how to configure two virtual wire interfaces (Ethernet 1/3 and Ethernet 1/4 in this example) to create a virtual wire (see Virtual Wire Deployments). The two interfaces must have the same
Link Speed
and transmission mode (
Link Duplex
). For example, a full-duplex 1000Mbps copper port matches a full-duplex 1Gbps fiber optic port.
  1. Configure the first virtual wire interface.
    1. Select
      Network
      Interfaces
      Ethernet
      and select
      an interface you have cabled (
      ethernet1/3
      in this example).
    2. Set the
      Interface Type
      to
      Virtual Wire
      and click
      OK
      .
  2. Attach the interface to a virtual wire object.
    1. While still on the same Ethernet interface, on the
      Config
      tab, select
      Virtual Wire
      and click
      New Virtual Wire
      .
    2. Enter a
      Name
      for the virtual wire object.
    3. For
      Interface1,
      select the interface you just configured (
      ethernet1/3
      ). (Only interfaces configured as virtual wire interfaces appear in the drop-down.)
    4. For
      Tag Allowed
      , enter
      0
      to indicate untagged traffic (such as BPDUs and other Layer 2 control traffic) is allowed. The absence of a tag implies tag 0. Enter additional allowed tag integers or ranges of tags, separated by commas (default is 0; range is 0 to 4,094).
    5. Select
      Multicast Firewalling
      if you want to be able to apply security policy rules to multicast traffic going across the virtual wire. Otherwise, multicast traffic is transparently forwarded across the virtual wire.
    6. Select
      Link State Pass Through
      so the firewall can function transparently. When the firewall detects a link down state for a link of the virtual wire, it brings down the other interface in the virtual wire pair. Thus, devices on both sides of the firewall see a consistent link state, as if there were no firewall between them. If you don’t select this option, link status is not propagated across the virtual wire.
    7. Click
      OK
      to save the virtual wire object.
  3. Determine the link speed of the virtual wire interface.
    1. While still on the same Ethernet interface, select
      Advanced
      and note or change the
      Link Speed
      .
      The port type determines the speed settings available in the drop down. By default, copper ports are set to
      auto
      negotiate link speed. Both virtual wire interfaces must have the same link speed.
    2. Click
      OK
      to save the Ethernet interface.
  4. Configure the second virtual wire interface.
    Repeat the preceding steps to configure the second interface (
    ethernet1/4
    in this example).
    When you select the
    Virtual Wire
    object you created, the firewall automatically adds the second virtual wire interface as
    Interface2
    .
  5. Create a separate security zone for each virtual wire interface.
    1. Select
      Network
      Zones
      and
      Add
      a zone.
    2. Enter the
      Name
      of the zone (such as
      internet
      ).
    3. For
      Location
      , select the virtual system where the zone applies.
    4. For
      Type
      , select
      Virtual Wire
      .
    5. Add
      the
      Interface
      that belongs to the zone.
    6. Click
      OK
      .
  6. (
    Optional
    ) Create security policy rules to allow Layer 3 traffic across the virtual wire.
    Create a Security Policy Rule to allow traffic from the user zone to the internet zone, and another to allow traffic from the internet zone to the user zone, selecting the applications you want to allow, such as BGP or OSPF.
  7. (
    Optional
    ) Enable IPv6 firewalling.
    If you want to be able to apply security policy rules to IPv6 traffic arriving at a virtual wire interface, enable IPv6 firewalling. Otherwise, IPv6 traffic is forwarded transparently.
    1. Select
      Device
      Setup
      Session
      and edit Session Settings.
    2. Select
      Enable IPv6 Firewalling
      .
    3. Click
      OK
      .
  8. Commit your changes.
    Click
    Commit
    .
  9. (
    Optional
    ) Configure an LLDP profile and apply it to the virtual wire interfaces.

Recommended For You