Use the VM-Series CLI to Swap the Management Interface on ESXi

By default, the VM-Series firewall assigns the first interface (eth0) as the management interface. However, in some deployments, the first interface must be pre-mapped to a public IP address. Therefore, the management interface must be assigned to a different interface. Assigning a public IP address to the management interface is a security risk.
This procedure requires VM-Series plugin 2.0.7 or later.
Alternatively, you can enable management interface swap as part of the init-cfg.txt File Components when bootstrapping.
  1. Log in to the VM-Series firewall CLI and enter the following command:
    set system setting mgmt-interface-swap enable yes
  2. Confirm that you want to swap the interface and use the eth1 dataplane interface as the management interface.
  3. Reboot the firewall for the swap to take effect. Use the following command:
    request restart system
  4. Verify that the interfaces have been swapped. Use the following command:
    debug show vm-series interfaces all
    Phoenix_interface   Base-OS_port   Base-OS_MAC        PCI-ID         Driver mgt(interface-swap) eth0   0e:53:96:91:ef:29   0000:00:04.0   ixgbevf Ethernet1/1           eth1    0e:4d:84:5f:7f:4d       0000:00:03.0   ixgbevf

Recommended For You