Use the VM-Series Firewall CLI to Swap the Management Interface

If you did not swap the management interface (MGT) with the dataplane interface (ethernet 1/1) when deploying the firewall, you can use the CLI to enable the firewall to receive dataplane traffic on the primary interface after launching the firewall.
  1. Complete Steps 1 through 7 in Launch the VM-Series Firewall on AWS.
    Before you proceed, verify that the firewall has a minimum of two ENIs (eth0 and eth1). If you launch the firewall with only one ENI, the interface swap command will cause the firewall to boot into maintenance mode.
  2. On the EC2 Dashboard, view the IP address of the eth1 interface and verify that the AWS Security Group rules allow connections (HTTPS and SSH) to the new management interface (eth1).
  3. Log in to the VM-Series firewall CLI and enter the following command:
    set system setting mgmt-interface-swap enable yes
  4. Confirm that you want to swap the interface and use the eth1 dataplane interface as the management interface.
  5. Reboot the firewall for the swap to take effect. Use the following command:
    request restart system
  6. Verify that the interfaces have been swapped. Use the following command:
    debug show vm-series interfaces all
    Phoenix_interface     Base-OS_port   Base-OS_MAC         PCI-ID         Driver
    mgt(interface-swap)   eth0           0e:53:96:91:ef:29   0000:00:04.0   ixgbevf
    Ethernet1/1           eth1           0e:4d:84:5f:7f:4d   0000:00:03.0   ixgbevf
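
A pre-flight check for the two conditions in steps 1 and 2, as an added example that is not part of the original documentation: it reads JSON shaped like the output of `aws ec2 describe-network-interfaces` and `aws ec2 describe-security-groups` and lists anything that should block the swap. The ENI IDs, group IDs and CIDR are constructed sample values, and the function names are hypothetical.

```python
import json

# Constructed sample data shaped like AWS CLI output (not from a real account):
#   aws ec2 describe-network-interfaces --filters Name=attachment.instance-id,Values=<instance-id>
#   aws ec2 describe-security-groups --group-ids <group-id> ...
ENIS = json.loads("""{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-aaaa", "Attachment": {"DeviceIndex": 0}, "Groups": [{"GroupId": "sg-mgmt"}]},
  {"NetworkInterfaceId": "eni-bbbb", "Attachment": {"DeviceIndex": 1}, "Groups": [{"GroupId": "sg-data"}]}
]}""")
SGS = json.loads("""{"SecurityGroups": [
  {"GroupId": "sg-mgmt", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
  {"GroupId": "sg-data", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]}
]}""")

REQUIRED_PORTS = {22: "SSH", 443: "HTTPS"}  # services the page says eth1 must accept

def rule_allows(perm, port):
    """True if an ingress rule has at least one source and covers the TCP port."""
    if not (perm.get("IpRanges") or perm.get("Ipv6Ranges") or perm.get("UserIdGroupPairs")):
        return False
    proto = perm.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def preflight(enis, sgs):
    """Return the problems that should block the swap; an empty list means go."""
    by_index = {e["Attachment"]["DeviceIndex"]: e
                for e in enis["NetworkInterfaces"] if "Attachment" in e}
    if 0 not in by_index or 1 not in by_index:
        return ["fewer than two ENIs (eth0 and eth1): swap would boot into maintenance mode"]
    groups = {g["GroupId"]: g for g in sgs["SecurityGroups"]}
    # Union of ingress rules from every security group attached to eth1.
    perms = [p for ref in by_index[1]["Groups"]
             for p in groups.get(ref["GroupId"], {}).get("IpPermissions", [])]
    return [f"eth1 security groups do not allow {name} (tcp/{port})"
            for port, name in REQUIRED_PORTS.items()
            if not any(rule_allows(p, port) for p in perms)]

if __name__ == "__main__":
    for line in preflight(ENIS, SGS) or ["ok: ENI count and eth1 rules pass"]:
        print(line)
```

With the sample data, eth1 carries only `sg-data`, so the check reports that SSH is not allowed on the interface that would become the management interface.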
