Related Topics
About Modular Interfaces
Firebox M4600 and M5600 models support user-installable interface modules. Both models support three modular interface types that each add either four or eight interfaces to the Firebox:
- WatchGuard Firebox M 8 Port 1Gb Copper Module
- WatchGuard Firebox M 8 Port SFP Fiber Module
- WatchGuard Firebox M 4 Port 10 Gb SFP+ Fiber Module
In the interface configuration for Firebox models that support modular interface, the Module column lists the port numbers for each modular interface. The letter indicates the Firebox slot where the interface module is installed. The number indicates the port number as it is labeled on the interface module. For example module A6 refers to port 6 on the interface module installed in slot A.
The image below shows the default interface configuration for a Firebox M5600.
Interface Modules
Each Firebox model has a different number of built-in interfaces and supports additional interface modules. You must install an interface module before you can configure the interfaces. If you use Policy Manager, after you install or remove an interface module, you must connect to the Firebox and launch a new Policy Manager instance to retrieve the Firebox configuration file that shows the installed network interfaces.
The Firebox M4600 has eight built-in interfaces, and two interface module slots, A and B. You can install an interface module in each slot. For each interface module, ports are numbered from 0–7 or 0–3.
Firebox M4600 Slot | Modular Interface Port Numbers | Interface Numbers in Firebox Configuration |
---|---|---|
A | A0–A7 (8 port) A0–A3 (4 port) |
8–15 8–11 |
B | B0–B7 (8 port) B0–B3 (4 port) |
16–23 16–19 |
If any slot is empty, those interface numbers do not appear in the configuration, and the interface numbers for other installed modular interfaces do not change.
The Firebox M5600 has one built-in interface, and four interface module slots, A, B, C, and D. Two interface modules come preinstalled in slots A and B. For each interface module, ports are numbered from 0–7 or 0–3.
Firebox M5600 Slot | Modular Interface Port Numbers | Interface Numbers in Firebox Configuration |
---|---|---|
A | A0–A7 (8 port) A0–A3 (4 port) |
0–7 (preinstalled) 0–3 |
B | B0–B7 (8 port) B0–B3 (4 port) |
8–15 8–11 (preinstalled) |
C | C0–C7 (8 port) C0–C3 (4 port) |
16–23 16–19 |
D | D0–D7 (8 port) D0–D3 (4 port) |
24–31 24–27 |
If any slot is empty, those interface numbers do not appear in the configuration, and the interface numbers for other installed modular interfaces do not change.
The Firebox automatically detects installed interface modules when you power it on.
Before you remove an interface module, you must disable the interfaces in the Firebox configuration. If an enabled interface is not installed, you cannot connect to the Firebox to modify the configuration.
Interface modules are not hot-swappable. For complete information about interface modules and how to safely install them, see the Hardware Guide for your Firebox.
To avoid damage to the system, disconnect power to the Firebox before you install or remove interface modules.
For information about how to install or remove interface modules for members of a FireCluster, see About FireCluster with Modular Interfaces.
About Interface 32 on the Firebox M5600
The Firebox M5600 has one built-in interface, interface 32. This interface is always listed first in the configuration. By default, this interface is configured as a Trusted interface with the alias Mgmt. You connect to this interface to run the Web Setup Wizard or Quick Setup Wizard to configure a Firebox that uses factory-default settings.
Interface 32 is not a dedicated management interface. You can configure and use it just as you would use any other interface. We recommend that you keep interface 32 configured as a Trusted interface, so that you can always use it connect to your Firebox for management, even if the modular interfaces are not installed.
About Factory-Default Settings on the Firebox M5600
The default network and configuration properties for a Firebox M5600 are:
Trusted networks
Interface 32 (Eth32) is configured as a trusted interface.
The default IP address for Eth32 is 10.0.31.1/24.
The default IP address and port for Fireware Web UI on Eth32 is https://10.0.32.1:8080.
Interface 1 is configured to give IP addresses to computers on the trusted network through DHCP. By default, these IP addresses can be from 10.0.32.2 to 10.0.32.254.
Interface 1 (Eth1) is configured as a trusted interface.
The default IP address for Eth1 is 10.0.1.1/24.
The default IP address and port for Fireware Web UI on Eth1 is https://10.0.1.1:8080.
Interface 1 is configured to give IP addresses to computers on the trusted network through DHCP. By default, these IP addresses can be from 10.0.1.2 to 10.0.1.254.
External network
Interface 0 (Eth0) is configured as an external interface.
The external interface is configured to get an IP address with DHCP.
You must have an interface module installed in slot A before you power on a new Firebox M5600 or reset it to factory-default settings.
About FireCluster on the M5600 and M4600
If you configure two Firebox M4600 or M5600 devices as a FireCluster, you must install the same interface modules in the same slots on both cluster members. There are also other interface connection requirements for a FireCluster with these models. For more information, see About FireCluster with Modular Interfaces.