Plan the Interfaces for the VM-Series for ESXi
By planning the mapping of VM-Series Firewall vNICs and interfaces, you can avoid reboots and configuration issues. The following table describes the default mapping between VMware vNICs and VM-Series interfaces when all 10 vNICs are enabled on ESXi.
Ethernet 1/0 (mgmt)
Ethernet 1/1 (eth1)
Ethernet 1/2 (eth2)
Ethernet 1/3 (eth3)
Ethernet 1/4 (eth4)
Ethernet 1/5 (eth5)
Ethernet 1/6 (eth6)
Ethernet 1/7 (eth7)
Ethernet 1/8 (eth8)
Ethernet 1/9 (eth9)
The mapping on the VM-Series Firewall remains the same no matter which vNICs you add on ESXi. Interfaces you activate on the firewall always take the next available vNIC on ESXi.
In the following diagram, eth3 and eth4 on the VM-Series Firewall are paired to vNICs 2 and 3 on ESXi, and eth1 and eth2 are unmapped, as shown on the left.
If you want to add two additional interfaces while maintaining the current mapping, activate vNICs 4 and 5 and reboot down the firewall. The existing vNIC mapping is preserved because you added the interfaces after the last-mapped inteface.
If you activate eth1 and eth2 on the VM-Series firewall, the interfaces reorder themselves as shown on the right, resulting in a mapping mismatch that impacts traffic.
To avoid the issues described in the preceding example, you can do the following:
- When provisioning your ESXi host for the first time, activate all nine vNICs beyond the first. Adding all nine vNICs as placeholders before powering on the VM-Series Firewall allows you to use any VM-Series interfaces regardless of order.
- If all vNICs are active, adding additional interfaces no longer requires a reboot. Because each vNIC on ESXi requires that you choose a network, you can create an empty port group as a network placeholder.
- Do not remove VM-Series firewall vNICs to avoid mapping mismatches.
VM-Series on ESXi System Requirements
VM-Series on ESXi System Requirements You can create and deploy multiple instances of the VM-Series firewall on an ESXi server. Because each instance of the ...
VM-Series on Cisco CSP System Requirements
VM-Series on Cisco CSP System Requirements You can create and deploy multiple instances—standalone or as an HA pair—of the VM-Series firewall on your Cisco CSP. ...
Deploy the VM-Series Firewall on OCI Using the Terraform Template
Deploy the VM-Series Firewall on OCI Using the Terraform Template You can use a Terraform Template to deploy the VM-Series firewall on OCI. The template ...
Launch the VM-Series Firewall in OCI
Launch the VM-Series Firewall in OCI After uploading the KVM qcow2 image to OCI and configuring a Virtual Cloud Network (VCN), you are ready to ...
Provision the VM-Series Firewall on an ESXi Server
Provision the VM-Series Firewall on an ESXi Server Use these instructions to deploy the VM-Series firewall on a (standalone) ESXi server. For deploying the VM-Series ...
Deploy the VM-Series Firewall on Cisco CSP
Deploy the VM-Series Firewall on Cisco CSP Complete the following procedure to deploy the VM-Series firewall on Cisco CSP. Download the VM-Series qcow2 base image ...
Install a VM-Series firewall on VMware vSphere Hypervisor (...
Install a VM-Series firewall on VMware vSphere Hypervisor (ESXi) To install a VM-Series firewall you must have access to the Open Virtualization Alliance format (OVA) ...
Launch the VM-Series Firewall Using a Terraform Template
Launch the VM-Series Firewall Using a Terraform Template After modifying the templates for your OCI environment, you can launch the VM-Series firewall. The VM-Series firewall ...
Why is the VM-Series firewall not receiving any network tra...
Why is the VM-Series firewall not receiving any network traffic? On the VM-Series firewall. check the traffic logs ( Monitor Logs ). If the logs ...