Allied Telesis Support Portal

Adding Interfaces to vFW (NFV-APL)

How can I add more interfaces to the Firewall? How can I use the Interfaces for the Entities in the Firewall?

Introduction

The Allied Telesis 10 Gigabit Unified Threat Management (UTM) Firewall application provides an ideal integrated security platform for modern businesses. A powerful 10G firewall and threat protection is combined with comprehensive VPN capability. Easily and securely connect the head-office to branch-offices for an innovative high performance business solution.

This article will assume that the .iso corresponding to the vFirewall has been correctly installed in the AT-VST-APL.

The following sections explain how to change the default configuration to use the other ETH ports on the AT-VST-APL.
 

Initial setting of AT-NFV-APL

By default, the AT-NFV-APL uses the IP 192.168.1.1/24; however, if there is a DHCP server on the network, the IP address obtained from the DHCP server is set. (Set to logical port br0 connected to VLAN1 on the software bridge).

All physical ports are connected to VLAN1 by software bridge (layer 2 connection) as shown in the following diagram:
 

NFV default

There are two types of virtual interfaces in the vFirewall application:

  • Virtual: Is an interface to a specific VLAN on the AT-NFV-APL software bridge.

  • Physical: Is directly connected to the AT-NFV-APL physical port.


Note: It must be taken into consideration that the Physical Port ETH1 is the first in the AT-VST-APL, however, for the configuration of the logical part, this corresponds to ETH0, in the same way the Port ETH2 of the AT-APL-VST logically corresponds to ETH1.
 

Adding interfaces to be used by the vFirewall

To use the AT-VST-APL interfaces, it is necessary to remove the default Bridge (Br0), as an example, ETH4 is going to be removed from Br0 and then assign it a different VLAN.

Step 1. Select "Network Infrastructure" > "Bridging" from the menu on the left.
 

NFV bridging

Step 2. Click the Delete (Trash can) button of eth4.
This will remove the ETH4 from the bridge port list.
In the previous image we can see that ETH2 and ETH3 are not visible because those were previously eliminated.

Step 3. Click the "Save" button at the top right corner of the screen to save the setting change of the bridge port. The button will change from Orange to Blue.

Step 4. Select "AW+ Firewall" from the menu on the left of the NFV-APL and open the "Application Configuration" screen by clicking “Configure”.

Note: To add one of the interfaces to a Firewall that is in use, the Application must be stopped first.

Expand the "Network" section, and then click on “+ Add Network”.
 

vFW add network

Step 5. Change the Interface Type from “Virtual” to “Physical” and the Host Interface to the Interface that you previously removed from the Bridge, in our example “eth4”.
 

add eth4


It is not necessary to add an IPv4 Address or the Gateway Address now, those can be configured in the vFirewall.

Click “Apply”.

Step 6. Start the vFirewall Application and Open it.

Step 7. Select "Network Infrastructure" > "Interface Management" from the menu on the left.
The interface “eth3” is now available for an IP address assignment.
 

add IP to eth4

Alternatively, a VLAN can be tagged and assign an IP address to one of the interfaces by clicking "+ New Interface" at the top right corner.
Change the Interface Type to “dot1q”, the Interface Name to “eth3” and add the VLAN ID.
 

New interface

This will add a new interface “eth3.40” where an IP address can be assigned to.