Configuring an Interface

This section describes how to configure an interface.

Creating an Interface

The configuration options for different types of interfaces may vary. For more information, see the following instructions:

Creating a PPPoE Interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select PPPoE Interface from the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. In the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Username: Specifies a username for PPPoE.
    Password: Specifies PPPoE user's password.
    Confirm password: Enter the password again to make confirmation.
    Idle interval: If the PPPoE interface has been idling (no traffic) for a certain period, i.e., the specified idle interval, system will disconnect the Internet connection; if the interface requires Internet access, system will connect to Internet automatically. The value range is 0 to 10000 minutes. The default value is 30.
    Re-connect interval: Specifies a re-connect interval (i.e., system will try to re-connect automatically after being disconnected for the interval). The value range is 0 to 10000 seconds. The default value is 0, which means the function is disabled.
    Set gateway information from PPPoE server as the default gateway route: With this check box selected, system will set the gateway information provided by PPPoE server as the default gateway route.
    Advanced: In the Advanced dialog, configure advanced options for PPPoE, including:
    Access concentrator - Specifies a name for the concentrator.
    Authentication - Security appliance will have to pass PPPoE authentication when trying to connect to a PPPoE server. The supported authentication methods include CHAP, PAP and Any (the default, anyone between CHAP and PAP). Click an authentication method.
    Netmask - Specifies a netmask for the IP address obtained via PPPoE.
    Static IP - You can specify a static IP address and negotiate to use this address to avoid IP change. To specify a static IP address, type it into the box.
    Service - Specifies allowed service. The specified service must be the same with that provided by the PPPoE server. If no service is specified, system will accept any service returned from the server automatically.
    Distance - Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight - Specifies a route weight. The value range is 1 to 255. The default value is 1.
    DDNS: In the DDNS Configuration dialog, configure DDNS options for the interface. For detailed instructions, see Configuring a DDNS.
  6. Specify a management method for the interface. In the Management section, select one or more management method check boxes.
  7. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
  8. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  9. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  10. Click OK to save your settings.

Creating a Tunnel Interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select Tunnel Interface from the drop-down list.
  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. In the IP Configuration section, configure IP related information for the interface. The IP addresses for the interface can be static, or dynamically allocated. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. Management. In the Management section, select one or more management method check boxes.
  7. In the Tunnel Binding section, bind the interface to a IPSec VPN tunnel or a SSL VPN tunnel. One tunnel interface can be bound to multiple IPSec VPN tunnels, while only to one SSL VPN tunnel. For more information on the tunnel binding configuration, see the following instructions:
    Tunnel Type Description
    IPSec VPN VPN name: Specifies a name for the IPSec VPN tunnel that is bound to the interface.
    Gateway: Specifies a next-hop address for the tunnel, which can be either the IP address or the egress IP address of the peering tunnel interface. This parameter, which is 0.0.0.0 by default, is only valid when multiple IPSec VPN tunnels should be bound to the tunnel interface.
    SSL VPN VPN name: Specifies a name for the SSL VPN tunnel that is bound to the interface.
    After selecting a tunnel type and name, click Add and the binding information will be displayed in the list below. To delete a binding, select an entry from the list and click Delete.
  8. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
  9. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  10. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  11. Click OK to save your settings.

Creating a Virtual Forward Interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select Virtual Forward Interface from the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. In the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. Management. In the Management section, select one or more management method check boxes.
  7. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
    MAC clone: Changes the MAC address of the interface.
  8. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  9. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  10. Click OK to save your settings.

Creating a Loopback Interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select Loopback Interface from the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. In the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. Management. In the Management section, select one or more management method check boxes.
  7. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
  8. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  9. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  10. Click OK to save your settings.

Creating an Aggregate Interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select Aggregate Interface from the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. In the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. Management. In the Management section, select one or more management method check boxes.
  7. Specify a physical port/ports for the aggregate interface. In the Ports section, select a port/ports from the Available list, and click to add to the Selected list. The selected port/ports should neither belong to any other interface nor belong to any security zone.
  8. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
    MAC clone: Changes the MAC address of the interface.
  9. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  10. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  11. Click OK to save your settings.

Creating a Redundant Interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select Redundant Interface from the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. If Layer 3 zone is selected, in the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. If Layer 3 zone is selected, in the Management section, select one or more management method check boxes.
  7. Specify a physical port/ports for the redundant interface. In the Ports section, select a port/ports from the Available list, and click to add to the Selected list. The selected port/ports should neither belong to any other interface nor belong to any security zone.
  8. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
    MAC clone: Changes the MAC address of the interface.
  9. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  10. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  11. Click OK to save your settings.

Creating an Ethernet Sub-interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select Ethernet Sub-interface from the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. If Layer 3 zone is selected, in the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. If Layer 3 zone is selected, in the Management section, select one or more management method check boxes.
  7. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
  8. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  9. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  10. Click OK to save your settings.

Creating an Aggregate Sub-interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select Aggregate Sub-interface from the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. If Layer 3 zone is selected, in the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. If Layer 3 zone is selected, in the Management section, select one or more management method check boxes.
  7. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
  8. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  9. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  10. Click OK to save your settings.

Creating a Redundant Sub-interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select Redundant Sub-interface from the drop-down list.

  4. Specify a name and binding type. If Layer 3 zone or Layer 2 zone is selected, also select a security zone from the Zone drop-down list.
  5. If Layer 3 zone is selected, in the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. If Layer 3 zone is selected, in the Management section, select one or more management method check boxes.
  7. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
  8. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  9. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  10. Click OK to save your settings.

Creating a VSwitch Interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select VSwitch Interface the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. If Layer 3 zone is selected, in the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. If Layer 3 zone is selected, in the Management section, select one or more management method check boxes.
  7. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
  8. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  9. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  10. Click OK to save your settings.

Tip: When creating a VSwitch interface, the system will also create a corresponding VSwitch.

Creating a VLAN Interface

  1. On the Navigation pane, click Configure > Network > Network to visit the Network page.
  2. Click New on the upper-left of the interface list.
  3. Select VLAN Interface from the drop-down list.

  4. In the Interface Configuration dialog shown above, specify a name and binding type. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list.
  5. If Layer 3 zone is selected, in the IP Configuration section, configure IP related information for the interface. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
  6. If Layer 3 zone is selected, in the Management section, select one or more management method check boxes.
  7. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP learning: Select the Enable check box to enable ARP learning.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
    MAC clone: Changes the MAC address of the interface.
  8. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  9. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  10. Click OK to save your settings.

Editing an Interface

To edit an interface, select the interface you want to edit from the interface list and click Edit. In the Interface Configuration dialog, edit options for the interface. The following section takes an Ethernet interface as an example.

Editing an Ethernet Interface

  1. Select an Ethernet interface from the interface list, and click Edit on the upper-left of the interface list.
  2. In the Interface Configuration dialog, specify a security zone for the interface.
  3. If Layer 3 zone is selected, also select a security zone from the Zone drop-down list, and then configure an IP address and management method for the interface. Options for different types of IP configurations may vary. For detailed options, see the following instructions:
    Type Description
    Static IP IP address: Specifies an IP address for the interface.
    Netmask: Specifies a netmask for the interface.
    Enable DNS Proxy: Select this check box to enable DNS proxy for the interface.
    Advanced Management IP: Specifies a management IP for the interface. Type the IP address into the box.
    Secondary IP: Specifies secondary IPs for the interface. Type IP addresses into the IP address 1 and IP address 2 boxes.
    DHCP: In the DHCP Configuration dialog, configure DHCP related options for the interface. For detailed instructions, see Configuring DHCP.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    Auto-obtain Set gateway information from DHCP server as the default gateway route: With this check box selected, system will set the gateway information provided by the DHCP server as the default gateway route.
    Advanced Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    Management Priority: Specifies a priority for the DNS server. Except for static DNS servers, system can also learn DNS servers dynamically via DHCP or PPPoE. Therefore, you need to configure priorities for the DNS servers, so that the system can choose a DNS server according to its priority during DNS resolution. The priority is represented in numbers from 1 to 255. The larger the number is, the higher the priority is. The priority of static DNS servers is 50.
    DDNS: In the DDNS Configuration dialog, configure DDNS related options for the interface. For detailed instructions, see Configuring a DDNS.
    PPPoE Username: Specifies a username for PPPoE.
    Password: Specifies PPPoE user's password.
    Confrim password: Enter the password again to make confirmation.
    Idle interval: If the PPPoE interface has been idling (no traffic) for a certain period, i.e., the specified idle interval, system will disconnect the Internet connection; if the interface requires Internet access, system will connect to Internet automatically. The value range is 0 to 10000 minutes. The default value is 30.
    Re-connect interval: Specifies a re-connect interval (i.e., system will try to re-connect automatically after being disconnected for the interval). The value range is 0 to 10000 seconds. The default value is 0, which means the function is disabled.
    Set gateway information from PPPoE server as the default gateway route: With this check box selected, system will set the gateway information provided by PPPoE server as the default gateway route.
    Advanced Access concentrator: Specifies a name for the concentrator.
    Authentication: Security appliance will have to pass PPPoE authentication when trying to connect to a PPPoE server. The supported authentication methods include CHAP, PAP and Any (the default, anyone between CHAP and PAP). Click an authentication method.
    Netmask: Specifies a netmask for the IP address obtained via PPPoE.
    Static IP: You can specify a static IP address and negotiate to use this address to avoid IP change. To specify a static IP address, type it into the box.
    Service: Specifies allowed service. The specified service must be the same with that provided by the PPPoE server. If no service is specified, system will accept any service returned from the server automatically.
    Distance: Specifies a route distance. The value range is 1 to 255. The default value is 1.
    Weight: Specifies a route weight. The value range is 1 to 255. The default value is 1.
    DDNS: In the DDNS Configuration dialog, configure DDNS options for the interface. For detailed instructions, see Configuring a DDNS.
  4. If Layer 2 zone is selected, also select a security zone from the Zone drop-down list.
  5. If No binding is selected, also select a VLAN, aggregate interface or redundant interface for the interface. For detailed options, see the following instructions:
    Belong to Description
    VLAN Access mode (one VLAN) Specifies an interface in Access mode. This type of interface is designed for terminal users and only allows packets from one VLAN to pass through. After selecting this option, also select a VLAN that the interface belongs to from the VLAN drop-down list.
    Trunk mode (multiple VLANs) Specifies an interface in Trunk mode. This type of interface is typically used for inter-connections between devices, and allows packets from multiple VLANs to pass through. After selecting this options, also select a Native VLAN for the interface from the Native VLAN drop-down list, and then select an allowed VLAN/VLANs in the VLAN section by selecting a VLAN/VLANs from the Available VLANs list and clicking to add to the Selected VLANs list.
    Aggregate Interface Specifies an interface that belongs to an aggregate interface. Select an aggregate interface to which the interface belongs from the Interface group drop-down list below.
    Redundant Interface Specifies an interface that belongs to a redundant interface. Select a redundant interface to which the interface belongs from the Interface group drop-down list below.
    None Specifies an interface that does not belong to any object.
  6. If needed, click the Properties tab to configure properties for the interface. For detailed options, see the following instructions:
    Property Option
    Working mode Duplex Specifies a duplex working mode for the interface. Options include auto, full duplex and half duplex. Auto is the default working mode, in which the system will select the most appropriate duplex working mode automatically. 1000M half duplex is not supported.
    Rate Specifies a working rate for the interface. Options include Auto, 10M, 100M and 1000M. Auto is the default working mode, in which the system will detect and select the most appropriate working mode automatically. 1000M half duplex is not supported.
    Reverse route

    Applicable to Layer 3 interfaces. For detailed options, see the following instructions:

    • Enable: Enforces to use a reverse route. If the reverse route is not available, packets will be dropped. This option is enabled by default.
    • Close: Reverse route will not be used. When reaching the interface the reverse data stream will be returned to its original route without any reverse route check. That is, reverse packets will be sent from the ingress interface that initializes the packets.
    • Auto: Reverse route will be prioritized. If available, the reverse route will be used to send packets; otherwise the ingress interface that initializes the packets will be used as the egress interface that sends reverse packets.
    Combo type

    This option is applicable to the Combo port of copper port + fiber port. If both the copper port and the fiber port are plugged with cable, the fiber port will be prioritized by default; if the copper port is used at first, and then the cable is plugged into the fiber port, after reboot the fiber port will be used for data transmission. You can specify how to use a copper port or fiber port. For detailed options, see the following instructions:

    • Auto: The above default scenario.
    • Copper forced: The copper port is enforced.
    • Copper preferred: The copper port is prioritized.
    • Fiber forced: The fiber port is enforced.
    • Fiber preferred: The fiber port is prioritized. With this option configured, the device will migrate the traffic on the copper port to the fiber port automatically without reboot.

    Parameters MTU: Specifies a MTU for the interface. The value range is 1280 to 1500/1800 bytes. The default value is 1500. The max MTU may vary from different system models.
    ARP Timeout: Specifies an ARP timeout for the interface. The value range is 5 to 65535 seconds. The default value is 1200.
    Keep Alive IP: Specifies an IP address that receives the interface's Keep alive packets.
    MAC clone: Changes MAC address of the interface.
    Mirror

    Configure a mirror for the interface to mirror the traffic to other interfaces (analysis interfaces) for monitoring purpose. To configure a mirror, take the following steps:

    1. Select the Mirror check box to enable mirror.
    2. Select a traffic type that will be mirrored from the first drop-down list. Options include Sent traffic, Received traffic and All traffic.
    3. Select an analysis interface from the second drop-down list. No configuration is required for the analysis interface.
  7. If needed, click the Advanced tab to configure advanced options for the interface, including Shutdown and Monitor and Backup options. For detailed options, see the following instructions:
    Function Configuration
    Shutdown

    System supports interface shutdown. You can not only enforce to shut down a specific interface, but also control the time of shutdown by schedule, or control the shutdown according to the link status of tracked objects. Configure the options as below:

    1. Select the Shut down check box to enable interface shutdown.
    2. To control the shutdown by schedule or tracked objects, select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    Monitor and Backup

    Configure the options as below:

    1. Select an appropriate check box, and then select an appropriate schedule or tracked object from the drop-down list.
    2. Select an action: Shut down the interface: During the time specified in the schedule, or when the tracked object fails, the interface will be shut down and its related route will fail; Migrate traffic to backup interface: During the time specified in the schedule, or when the tracked object fails, traffic to the interface will be migrated to the backup interface. In such a case you need to select a backup interface from the Backup interface drop-down list and type the time into the Migrating time box. (Migrating time, 0 to 60 minutes, is the period during which traffic is migrated to the backup interface before the primary interface is switched to the backup interface. During the migrating time, traffic is migrated from the primary interface to the backup interface smoothly. By default the migrating time is set to 0, i.e., all the traffic will be migrated to the backup interface immediately.)
  8. If needed, click the RIP tab to configure RIP for the interface. For detailed options, see the following instructions:
    Authentication mode: Specifies a packet authentication mode for the system, including plain text (the default) and MD5. The plain text authentication, during which unencrypted string is transmitted together with the RIP packet, cannot assure security, so it cannot be applied to the scenarios that require high security.
    Authentication string: Specifies a RIP authentication string for the interface.
    Transmit version: Specifies a RIP information version number transmitted by the interface. By default V2 RIP information will be transmitted.
    Receive version: Specifies a RIP information version number received by the interface. By default V2 RIP information will be received.
    Split horizon: Select the Enable check box to enable split horizon. With this function enabled, routes learned from an interface will not be sent from the same interface, in order to avoid routing loop and assure correct broadcasting to some extent.
  9. Click OK to save your settings.

Deleting an Interface

To delete an interface, select the interface you want to delete from the interface list and click Delete on the upper-left of the interface list.

Notes: