About Modular Interfaces

Some Firebox models support user-installable interface modules. In each modular interface slot on the Firebox, you can install an interface module that adds network interfaces to the Firebox.

The available interface modules are:

  • WatchGuard Firebox M 8 port 1Gb Copper Module
  • WatchGuard Firebox M 8 Port SFP Fiber Module
  • WatchGuard Firebox M 4 Port 10 Gb SFP+ Fiber Module
  • WatchGuard Firebox T 1 Port 10 GB SFP+ Fiber Module
  • WatchGuard Firebox T80/T85 LTE Interface module

This interface module is available only for the Firebox M4600, M4800, M5600, and M5800:

  • WatchGuard Firebox M 2 Port 40 GB QSFP+ Fiber Module

These interface modules are available only for the Firebox M290, M390, M590, and M690:

  • WatchGuard Firebox M 4 Port 1Gb Copper Module
  • WatchGuard Firebox M 4 port SFP Fiber Module
  • WatchGuard Firebox M 2 Port 10 Gb SFP+ Fiber Module
  • WatchGuard Firebox M 4 Port Multispeed (1/2.5/5G) Copper Module with PoE

In the interface configuration for Firebox models that support modular interface, the Module column lists the port numbers for each modular interface. The letter indicates the Firebox slot where the interface module is installed. The number indicates the port number as it is labeled on the interface module. For example module A6 refers to port 6 on the interface module installed in slot A.

The image below shows the default interface configuration for a Firebox M5600, with two interface modules installed.

Screen shot of the Network > Interfaces page for a Firebox M5600 in Fireware Web UI

Interface Modules

Each Firebox model has a different number of built-in interfaces and supports additional interface modules. You must install an interface module before you can configure the interfaces. If you use Policy Manager, after you install or remove an interface module, you must connect to the Firebox and launch a new Policy Manager instance to retrieve the Firebox configuration file that shows the installed network interfaces.

The Firebox automatically detects installed interface modules when you power it on.

Before you remove an interface module, you must disable the interfaces in the Firebox configuration. If an enabled interface is not installed, you cannot connect to the Firebox to modify the configuration.

WARNING: Interface modules are not hot-swappable. To avoid damage to the system, disconnect power to the Firebox before you install or remove interface modules. For complete information about interface modules and how to safely install them, see the Hardware Guide for your Firebox.

Some transceivers for the modules are hot-pluggable, which means you can add them to an active system. You cannot hot plug SFP or SFP+ transceivers on 8 x 1Gb SFP fiber modules on Firebox M4600 and M5600 models.

For information about how to install or remove interface modules for members of a FireCluster, go to About FireCluster with Modular Interfaces.

About the Management Interface

The Firebox M5600, M4800, and M5800 have a built-in management interface.

  • For M5600 and M5800, the management interface is interface 32.
  • For M4800, the management interface is interface 24.

The management interface is always listed first in the configuration. By default, this interface is configured as a Trusted interface with the alias Mgmt. You connect to this interface to run the Web Setup Wizard or Quick Setup Wizard to configure a Firebox that uses factory-default settings.

The management interface is for initial setup, but is not a dedicated management interface. You can configure and use it just as you would use any other interface. We recommend that you keep the management interface configured as a Trusted interface, so that you can always use it connect to your Firebox for management, even if the modular interfaces are not installed.

About Factory-Default Settings the Firebox M4800, M5600 and M5800

The default network and configuration properties for a Firebox M5600 and M5800 are:

Management Interface

For M5600 and M5800, interface 32 (Eth32) is configured as a trusted interface.
The default IP address for Eth32 is 10.0.32.1/24.
The default IP address and port for Fireware Web UI on Eth32 is https://10.0.32.1:8080.
Interface 32 is configured to give IP addresses to computers on the trusted network through DHCP. By default, these IP addresses can be from 10.0.32.2 to 10.0.32.254.

For M4800, interface 24 (Eth24) is configured as a trusted interface.
The default IP address for Eth24 is 10.0.24.1/24.
The default IP address and port for Fireware Web UI on Eth24 is https://10.0.24.1:8080.
Interface 24 is configured to give IP addresses to computers on the trusted network through DHCP. By default, these IP addresses can be from 10.0.24.2 to 10.0.24.254.

External network

Interface 0 (Eth0) is configured as an external interface.
The external interface is configured to get an IP address with DHCP.

You must have an interface module installed in slot A before you power on a new Firebox M5600 or M5800 or reset it to factory-default settings.

About FireCluster with Modular Interfaces

If you configure two Fireboxes with modular interfaces as a FireCluster, you must install the same interface modules in the same slots on both cluster members. There are also other interface connection requirements for a FireCluster with these models. For more information, go to About FireCluster with Modular Interfaces.

Related Topics

Firebox Hardware Guides

About Network Modes and Interfaces

Common Interface Settings