Configure the Ethernet interfaces that connect
the firewall to the ACI leaf switches. The VLAN ID number used in
this configuration should be a member of the VLAN pool assigned
to the firewalls in ACI.
The VM-Series firewall does
not support aggregate Ethernet groups.
Add Aggregate Group
Enter a number for the aggregate group in the second
Select Layer 3 from the
tab and click
Under High Availability Options, select
in HA Passive State
Do not select
Same System MAC Address
for Active-Passive HA
. This option makes the firewall
pair appear as a single device to the switch, so traffic will flow
to both firewalls instead of just the active firewall.
Click on the name of an Ethernet interface to configure
it and add it to the aggregate group.
the Interface Type drop-down.
Select the interface you defined in the aggregate
Ethernet group configuration.
Repeat this step for each other member interface of
the aggregate Ethernet group.
Add a subinterface on the aggregate Ethernet interface
for the tenant and VRF.
Select the row of your aggregate Ethernet
group and click
In the second
enter a numerical suffix to identify the subinterface.
field, enter the
VLAN tag of the subinterface.
Select the virtual router you configured previously
Select the zone you configured previously from the
and enter the subinterface
IP address and network mask in CIDR notation.