Selecting Create New > Interface opens the New Interface page, which provides settings for configuring a new interface.
Selecting an interface and then selecting Edit opens the Edit Interface page.
Configure the following settings in the New Interface page or Edit Interface page and select OK:
Interface Name | Enter a name for the interface. Physical interface names cannot be changed. If VLAN pooling is enabled, the maximum name length is 10 characters. You cannot edit the interface name after you create the interface. | |
Alias | Enter an alternate name for a physical interface on the FortiProxy unit. The alias can be a maximum of 25 characters. The alias name does not appear in logs. This field appears when editing an existing physical interface. | |
Type | Select the type of the interface: VLAN, 802.3ad Aggregate, or Redundant Interface. | |
Interface | Select the name of the physical interface that you want to add a VLAN interface to. After it is created, the VLAN interface is listed below its physical interface in the Interface list. You cannot change the physical interface of a VLAN interface except when you add a new VLAN interface. | |
Interface Members | Select the ports to be included in the interface if the Type is 802.3ad Aggregate. | |
VLAN ID | Enter the VLAN ID. You cannot change the VLAN ID except when you add a new VLAN interface. The VLAN ID must be a number between 1 and 4094. It must match the VLAN ID added by the IEEE 802.1Q-compliant router or switch that is connected to the VLAN subinterface. | |
Role | Select LAN, WAN, DMZ, or Undefined. The options displayed on the rest of the page change depending on the role selected. | |
Estimated Bandwidth | Enter your estimate of the number of Kbps upstream and the number of Kbps downstream needed. This option is displayed only if Role is set to WAN. | |
Addressing mode / IPv6 Addressing mode | Select the addressing mode for the interface:
• Select Manual and add an IP address and network mask for the interface. If IPv6 configuration is enabled, you can add both an IPv4 and an IPv6 IP address.
• Select DHCP to get the interface IP address and other network settings from a DHCP server. | |
IP/Network Mask | Enter an IPv4 address and subnet mask for the interface. FortiProxy interfaces cannot have IP addresses on the same subnet. This option is available only if Addressing mode is set to Manual. | |
Retrieve default gateway from server | Enable this to retrieve a default gateway IP address from the DHCP server. The default gateway is added to the static routing table. This option is available only if Addressing mode is set to DHCP. | |
Distance | Enter the administrative distance for the default gateway retrieved from the DHCP server. The administrative distance is an integer from 1 to 255, and specifies the relative priority of a route when there are multiple routes to the same destination. A lower administrative distance indicates a more preferred route. This option is available only if Addressing mode is set to DHCP and Retrieve default gateway from server is enabled. | |
Override internal DNS | Enable this to use the DNS addresses retrieved from the DHCP server instead of the DNS server IP addresses on the DNS page. This option is available only if Addressing mode is set to DHCP. | |
IPv6 Address/Prefix | If IPv6 support is enabled on the GUI, enter an IPv6 address and subnet mask for the interface. A single interface can have both an IPv4 and IPv6 address or just one or the other. This option is available only if IPv6 Addressing mode is set to Manual. | |
Administrative Access / IPv6 Administrative Access | Select the types of administrative access permitted for IPv4 and IPv6 connections to this interface. | |
HTTPS | Allow secure HTTPS connections to the GUI through this interface. | |
HTTP | HTTP traffic is automatically redirected to HTTPS. | |
PING | Interface responds to pings. Use this setting to verify your installation and for testing. | |
SSH | Allow SSH connections to the CLI through this interface. | |
SNMP | Allow a remote SNMP manager to request SNMP information by connecting to this interface. | |
FTM | Allow FTM Push notifications, for when users are attempting to authenticate through a VPN and/or RADIUS (with FortiAuthenticator as the RADIUS server). | |
RADIUS Accounting | Allow RADIUS accounting records that the server forwards (originating from the RADIUS client). These records include the user’s IP address and user group. | |
DHCP Server | Enable to add a DHCP server. | |
Address Range | If you enable the DHCP server, select Create New to specify the starting IP address and the ending IP address of the address range. | |
Netmask | If you enable the DHCP server, enter the netmask of the addresses that the DHCP server assigns. | |
Default Gateway | If you enable the DHCP server, select Same as Interface IP or select Specify and enter the IP address of the default gateway that the DHCP server assigns to DHCP clients. | |
DNS Server | If you enable the DHCP server, select Same as System DNS, Same as Interface IP, or select Specify and enter the IP address of the DNS server. | |
Mode | Select the type of DHCP server the FortiProxy unit will be. By default, it is a server. Select Relay if needed. If you select Relay, enter the IP address for the DHCP server. | |
NTP Server | To synchronize the system time and date for the DHCP server, select Local, Same as System NTP, or Specify. If you select Specify, enter the IP address for the NTP server. | |
Time Zone | Select the time zone for the DHCP server, either Same as System or Specify. If you select Specify, select the time zone. | |
Next Bootstrap Server | Enter the IP address of the next bootstrap server. | |
Additional DHCP Options | Select Create New to create new DHCP options. | |
MAC Reservation + Access Control | Select Create New to match an IP address from the DHCP server to a specific client or device using its MAC address. In a typical situation, an IP address is assigned ad hoc to a client, and that assignment times out after a specific time of inactivity from the client, known as the lease time. To ensure a client or device always has the same IP address (there is no lease time), use IP reservation. | |
Type | Select this to use the DHCP in Regular or IPsec mode. | |
Device Detection | Enable or disable whether the FortiProxy unit can monitor your networks and gather information about the devices operating on those networks. | |
In Bandwidth | Enter the bandwidth limit for incoming traffic. The range is 0-16,776,000 kbps. Enter 0 for unlimited bandwidth. | |
Out bandwidth | Enter the bandwidth limit for outgoing traffic. The range is 0-16,776,000 kbps. | |
Egress Shaping Profile | Select a traffic shaper for outgoing traffic. To create a traffic shaper, see Create or edit a traffic shaper. | |
Ingress Shaping Profile | Select a traffic shaper for incoming traffic. To create a traffic shaper, see Create or edit a traffic shaper. | |
Scan Outgoing Connections to Botnet Sites | Select Disable or Block to protect from botnet and command-and-control traffic. This option is available only if Role is WAN, DMZ, or Undefined. | |
Enable Explicit Web Proxy | Select this to enable explicit web proxying on this interface. | |
Enable Explicit FTP Proxy | Select this to enable explicit FTP proxying on this interface. | |
Enable WCCP Protocol | The Web Cache Communication Protocol (WCCP) can be used to provide web caching with load balancing and fault tolerance. In a WCCP configuration, a WCCP server receives HTTP requests from a user's web browser and redirects the requests to one or more WCCP clients. The clients either return cached content or request new content from the destination web servers before caching it and returning it to the server, which in turn returns the content to the original requester. If a WCCP configuration includes multiple WCCP clients, the WCCP server load balances traffic among the clients, can detect when a client fails, and can fail over sessions to the clients that are still operating. WCCP is described by the Web Cache Communication Protocol Internet draft. | |
Secondary IP Address | Add additional IPv4 addresses to this interface. See To add secondary IP addresses. | |
Comments | Enter a description up to 255 characters to describe the interface. |
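
The following added example (not part of the FortiProxy documentation) checks a planned interface list against limits stated in the table above: the VLAN ID range, the DHCP Distance range, and the rule that interfaces cannot have IPv4 addresses on the same subnet, which it generalizes to any overlapping subnets. The dictionary keys, the sample plan, and the WAN administrative access allow-list are assumptions made for the example.

```python
import ipaddress
from itertools import combinations

# Assumed local policy (not from the page): Administrative Access services
# that may be enabled on an interface whose Role is WAN.
WAN_ALLOWED_ACCESS = {"HTTPS"}

def audit_interfaces(interfaces):
    """Return (interface name, finding) tuples for a planned interface list."""
    findings = []
    for itf in interfaces:
        name = itf["name"]
        if itf.get("type") == "VLAN" and not 1 <= itf.get("vlan_id", 0) <= 4094:
            findings.append((name, "VLAN ID must be between 1 and 4094"))
        dist = itf.get("distance", 1)
        if itf.get("mode") == "DHCP" and not 1 <= dist <= 255:
            findings.append((name, "Distance must be an integer from 1 to 255"))
        if itf.get("role") == "WAN":
            extra = set(itf.get("access", ())) - WAN_ALLOWED_ACCESS
            if extra:
                findings.append((name, "WAN access beyond policy: "
                                 + ", ".join(sorted(extra))))
    # Manual IPv4 addressing: no two interfaces may sit on the same subnet.
    # overlaps() also catches a smaller subnet nested inside a larger one.
    manual = [(i["name"], ipaddress.ip_interface(i["ip"]).network)
              for i in interfaces if i.get("mode") == "Manual" and "ip" in i]
    for (a, net_a), (b, net_b) in combinations(manual, 2):
        if net_a.overlaps(net_b):
            findings.append((a, f"subnet {net_a} overlaps {b} ({net_b})"))
    return findings

# Constructed sample plan; names and addresses are illustrative only.
PLAN = [
    {"name": "port1", "role": "WAN", "mode": "DHCP", "distance": 5,
     "access": ["HTTPS", "SSH", "PING"]},
    {"name": "port2", "role": "LAN", "mode": "Manual",
     "ip": "192.0.2.1/24", "access": ["HTTPS", "SSH"]},
    {"name": "vlan4095", "type": "VLAN", "vlan_id": 4095, "role": "LAN",
     "mode": "Manual", "ip": "192.0.2.129/25", "access": []},
]

if __name__ == "__main__":
    for name, finding in audit_interfaces(PLAN):
        print(f"{name}: {finding}")
```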