Related Topics
Configure Link Aggregation
A link aggregation (LA) interface is a group of physical interfaces that you configure to work together as a single logical interface. Each link aggregation interface can have one or more physical interface members.
Before you configure link aggregation, review the requirements and limitations in About Link Aggregation.
Physical interfaces that are members of a link aggregation interface must support the same link speed. On XTM 505, 510, 520, or 530 devices, interface 0 (Eth0) supports a lower maximum link speed than the other interfaces. If you use Eth0 as a member of a link aggregation interface on these models, you must set the Link Speed to 100 Mbps or lower in the link aggregation interface configuration and on the connected network switches.
Configure Link Aggregation in Fireware Web UI
To configure link aggregation in Fireware Web UI, you must first configure one or more physical interfaces and select Link Aggregation as the interface type. You can then create the link aggregation interface and add these interfaces as the link aggregation members.
- Select Network > Interfaces.
The Network Interfaces page appears. - Select an interface and click Edit.
- From the Interface Type drop-down list, select Link Aggregation.
- In the Interface Name (Alias) text box, you can use the default name or change it to one that more closely reflects how this interface is used.
- (Optional) In the Interface Description text box, type a description of the interface.
- Click Save.
- Repeat these steps for each interface that you want to configure as a member of a link aggregation interface.
If you change an interface type from External to Link Aggregation, any 1 to 1 NAT rules previously associated with the external interface are automatically removed.
After you configure the physical interfaces as type Link Aggregation, you can add them to a link aggregation interface configuration.
- Select Network > Link Aggregation.
The Link Aggregation page appears. The interfaces configured as type Link Aggregation are listed at the top.
- To configure an interface as an available link aggregation member, click Configure.
Use the previous procedure to set the interface type to Link Aggregation. - To configure a new link aggregation interface, click Add.
The Link Aggregation settings page appears.
- In the Name text box, type a name for this link aggregation configuration.
- (Optional) In the Description text box, type a description for the link aggregation configuration
- From the Mode drop-down list, select the link aggregation mode to use. You can choose Static, Dynamic, or Active-backup.
For information about link aggregation modes, see About Link Aggregation.
If you choose Static or Dynamic mode, your connected switch or router must also support and be configured to use the same mode.
- In the Type drop-down list select the interface type. For a Link Aggregation interface, you can set the type to Trusted, Optional, Custom, External, Bridge, or VLAN.
- Configure the settings for the interface type you selected.
Configure the other settings the same way that you would configure them for any other interface.
For a Trusted, Optional, or Custom interface:
Type the IPv4 interface private IP address in slash notation. For more information about private IP addresses, see About Private IP Addresses.
Select the Network tab. Configure the DHCP settings. For more information about DHCP settings, see Configure an IPv4 DHCP Server or Configure DHCP Relay.
To enable and configure IPv6, select the IPv6 tab. For information about the IPv6 settings, see Configure IPv6 for a Trusted or Optional Interface.
For an External interface:
Select the Network tab. Type a static IPv4 address and default gateway, or configure the external interface to use DHCP or PPPoE to get an IP address. For information about external interface network settings, see Configure an External Interface.
To enable and configure IPv6, select the IPv6 tab. For information about the IPv6 settings, see Configure IPv6 for an External Interface.
IPv6 on a link aggregation interface is supported in Fireware XTM v11.9 and higher.
For a Bridge interface:
Select the network bridge interface you want to add this link aggregation interface to. You must assign this interface to a Bridge. For more information, see Assign a Network Interface to a Bridge.
For a VLAN interface:
Select the tagged or untagged VLANs you want to add this link aggregation interface to. You must assign this interface to a VLAN. For more information, see Assign Interfaces to a VLAN.
- To configure a secondary network on this interface, select the Secondary tab.
For information about how to configure a secondary network, see Add a Secondary Network IP Address. - To configure network interface card settings, select the Advanced tab.
The network interface settings apply to all physical interfaces assigned to this link aggregation interface. For more information, see Network Interface Card (NIC) Settings.
Unlike a physical interface configuration, you cannot configure Traffic Management, QoS, or static MAC/IP address binding in the interface advanced settings. A link aggregation interface does not support those features.
Configure Link Aggregation in Policy Manager
To configure link aggregation in Policy Manager, you add a new link aggregation interface, and then assign network interfaces to the new link aggregation interface.
- Select Network > Configuration.
The Network Configuration dialog box appears. - Select the Link Aggregation tab.
A table of existing user-defined link aggregation interfaces and their settings appears.
- Click Add.
The New Link Aggregation Interface Configuration dialog box appears.
- In the Name (Alias) text box, type a name for the link aggregation interface.
- (Optional) In the Description text box, type a description of the interface.
- From the Mode drop-down list, select the link aggregation mode to use. You can choose Static, Dynamic, or Active-backup.
For information about link aggregation modes, see About Link Aggregation.
If you choose Static or Dynamic mode, your connected switch or router must also support and be configured to use the same mode.
- In the Type drop-down list select the interface type. For a Link Aggregation interface, you can set the type to Trusted, Optional, Custom, External, Bridge, or VLAN.
- Configure the settings for the interface type you selected.
Configure the other settings the same way that you would configure them for any other interface.
For a Trusted, Optional, or Custom interface:
Type the IPv4 interface private IP address in slash notation. For more information about private IP addresses, see About Private IP Addresses.
Configure the DHCP settings. For more information about DHCP settings, see Configure an IPv4 DHCP Server or Configure DHCP Relay.
To enable and configure IPv6, select the IPv6 tab. For information about the IPv6 settings, see Configure IPv6 for a Trusted or Optional Interface.
For an External interface:
Type a static IPv4 address and default gateway, or configure the external interface to use DHCP or PPPoE to get an IP address. For information about external interface network settings, see Configure an External Interface.
To enable and configure IPv6, select the IPv6 tab. For information about the IPv6 settings, see Configure IPv6 for an External Interface.
IPv6 on a link aggregation interface is supported in Fireware XTM v11.9 and higher.
For a Bridge interface:
Select the network bridge interface you want to add this link aggregation interface to. You must assign this interface to a Bridge. For more information, see Assign a Network Interface to a Bridge.
For a VLAN interface:
Select the tagged or untagged VLANs you want to add this link aggregation interface to. You must assign this interface to a VLAN. For more information, see Assign Interfaces to a VLAN.
- To configure a secondary network on this interface, select the Secondary tab.
For information about how to configure a secondary network, see Add a Secondary Network IP Address. - To configure network interface card settings, select the Advanced tab.
The network interface settings apply to all physical interfaces assigned to this link aggregation interface. For more information, see Network Interface Card (NIC) Settings.
Unlike a physical interface configuration, you cannot configure Traffic Management, QoS, or static MAC/IP address binding in the interface advanced settings. A link aggregation interface does not support those features.
After you create the link aggregation interface, you can assign physical interfaces to it.
- In the Network Configuration dialog box, select the Interfaces tab.
- Select an interface and click Configure.
The Interface Settings dialog box appears. - From the Interface Type drop-down list, select Link Aggregation.
A list of configured link aggregation interfaces appears.
- In the Member column, select the link aggregation interface to make this interface a member of.
- Click OK.
If no link aggregation interfaces are configured, you can click New Link Aggregation to add an interface. Use the steps in the previous procedure to configure settings for the new link aggregation interface.
- Repeat these steps to assign more physical interfaces to this link aggregation interface.
If you change an interface type from External to Link Aggregation, any 1 to 1 NAT rules previously associated with the external interface are automatically removed.
Connect Link Aggregation Interfaces to a Switch
If you configure a link aggregation interface to use dynamic or static link aggregation, you must configure the switch that these interfaces connect with to use the same link aggregation mode and link speed. Then, you can connect the cables from the member interfaces on the Firebox to the other network device.
If the link aggregation interface uses active-backup mode, you do not need to enable link aggregation on your connected switches or routers.
For more information about link aggregation network modes, see About Link Aggregation.
Configure Link Aggregation for a FireCluster
When you configure link aggregation for a FireCluster, you must configure separate link aggregation groups on each switch for the switch ports that connect to each cluster member. For more information, see Configure Link Aggregation for a FireCluster.
Read the Link Aggregation Settings List
After you configure link aggregation settings, you can look at the list of configured link aggregation settings to see a summary of the settings.
To see the link aggregation settings, from Fireware Web UI:
Select Network > Link Aggregation.
To see the configured link aggregation settings, from Policy Manager:
- Select Network > Configuration.
- Select the Link Aggregation tab.
A table of existing user-defined link aggregation interfaces and their settings appears.
The columns show a summary of the settings in each link aggregation configuration.
Name
The lnk aggregation interface name. You can use this name in policies just as you would any other interface name.
Type
The interface type. Link aggregation interfaces can be Trusted, External, Optional, Custom, Bridge or VLAN.
IPv4 Address
The interface IPv4 address. This column shows DHCP or PPPoE client for an external interface configured to get an IP address from a DHCP or PPPoE server.
IPv6 Address
The interface IPv6 address. This column shows DHCP or PPPoE client for an external interface configured to get an IP address from a DHCP or PPPoE server.
DHCP (Policy Manager only)
Shows whether a DHCP server is enabled for a trusted or optional link aggregation interface. Possible values are:
- Local — This interface is configured to use the local DHCP server on the Firebox to assign IP addresses to devices on the attached network
- Relay — This interface is configured to use DHCP relay to another DHCP server that assigns IP addresses to devices on the attached network.
Secondary (Policy Manager only)
Secondary IP addresses configured for this interface.
Interfaces
The interface numbers of the physical interfaces that are members of this link aggregation interface.
Edit or Delete a Link Aggregation Configuration
From the Link Aggregation page, you can edit or delete a link aggregation configuration. When you remove a link aggregation configuration, the member interfaces are still set to type Link Aggregation, but they are no longer assigned to any link aggregation interface.
To edit or delete a link aggregation configuration, from Fireware Web UI:
- Select Network > Link Aggregation.
- Select the interface you want to edit or delete.
- Click Configure to edit the selected link aggregation interface.
- Click Remove to delete the selected link aggregation interface.
To edit or delete a link aggregation configuration, from Policy Manager:
- Select Network > Configuration.
- Select the Link Aggregation tab.
- Select the interface you want to edit or delete
- Click Edit to edit the selected link aggregation interface.
- Click Delete to delete the selected link aggregation interface.