Configure the Network Interfaces

Configure the Ethernet interfaces that connect the firewall to the ACI leaf switches. The VLAN ID number used in this configuration should be a member of the VLAN pool assigned to the firewalls in ACI.
The VM-Series firewall does not support aggregate Ethernet groups.
  1. Select NetworkInterfacesEthernet and click Add Aggregate Group.
  2. Enter a number for the aggregate group in the second Interface Name field.
  3. Select Layer 3 from the Interface Type drop-down.
  4. Select the LACP tab and click Enable LACP.
  5. Select Fast as the Transmission Rate.
  6. Under High Availability Options, select Enable in HA Passive State.
    Do not select Same System MAC Address for Active-Passive HA. This option makes the firewall pair appear as a single device to the switch, so traffic will flow to both firewalls instead of just the active firewall.
  7. Click OK.
    config-ae-interface.png
  8. Click on the name of an Ethernet interface to configure it and add it to the aggregate group.
    1. Select Aggregate Ethernet from the Interface Type drop-down.
    2. Select the interface you defined in the aggregate Ethernet group configuration.
    3. Click OK.
    4. Repeat this step for each other member interface of the aggregate Ethernet group.
      config-ae-member.png
  9. Add a subinterface on the aggregate Ethernet interface for the tenant and VRF.
    1. Select the row of your aggregate Ethernet group and click Add Subinterface.
    2. In the second Interface Name field, enter a numerical suffix to identify the subinterface.
    3. In the Tag field, enter the VLAN tag of the subinterface.
    4. Select the virtual router you configured previously from the Virtual Router drop-down.
    5. Select the zone you configured previously from the Zone drop-down.
    6. Select the IPv4 tab.
    7. Select the Static Type.
    8. Click Add and enter the subinterface IP address and network mask in CIDR notation.
    9. Click OK.

Related Documentation