Configure the Network Interfaces
Configure the Ethernet interfaces that connect
the firewall to the ACI leaf switches. The VLAN ID number used in
this configuration should be a member of the VLAN pool assigned
to the firewalls in ACI.
The VM-Series firewall does
not support aggregate Ethernet groups.
- Select and clickAdd Aggregate Group.
- Enter a number for the aggregate group in the secondInterface Namefield.
- Select Layer 3 from theInterface Typedrop-down.
- Select theLACPtab and clickEnable LACP.
- SelectFastas theTransmission Rate.
- Under High Availability Options, selectEnable in HA Passive State.Do not selectSame System MAC Address for Active-Passive HA. This option makes the firewall pair appear as a single device to the switch, so traffic will flow to both firewalls instead of just the active firewall.
- ClickOK.
- Click on the name of an Ethernet interface to configure it and add it to the aggregate group.
- SelectAggregate Ethernetfrom the Interface Type drop-down.
- Select the interface you defined in the aggregate Ethernet group configuration.
- ClickOK.
- Repeat this step for each other member interface of the aggregate Ethernet group.
- Add a subinterface on the aggregate Ethernet interface for the tenant and VRF.
- Select the row of your aggregate Ethernet group and clickAdd Subinterface.
- In the secondInterface Namefield, enter a numerical suffix to identify the subinterface.
- In theTagfield, enter the VLAN tag of the subinterface.
- Select the virtual router you configured previously from theVirtual Routerdrop-down.
- Select the zone you configured previously from theZonedrop-down.
- Select theIPv4tab.
- Select theStaticType.
- ClickAddand enter the subinterface IP address and network mask in CIDR notation.
- ClickOK.
