Aggregate

Set the switch to ON / OFF to enable or disable the aggregate.

An interface can be:

• Internal (protected): when this option is selected, this means that the interface is protected (a shield appears). a protected interface only accepts packets coming from a known address range, such as a directly connected network or a network defined by a static route. This protection includes remembering machines that have logged on to this interface, conventional traffic security mechanisms (TCP) and implicit rules for services offered by the firewall such as DHCP.

• External (public): choosing this option indicates that the interface does not benefit from the protection of a protected interface and can therefore receive packets coming from any address range (which are not assigned to internal interfaces). This type of interface is used mainly to connect the firewall to the Internet.

Selecting this option indicates that the IP address of the interface is dynamic (obtained via DHCP) or static. This will unlock the IPv4 address field.

When this option is selected, the IP address of the interface will be defined by DHCP. An Advanced DHCP properties zone appears with the following parameters:

• DNS name (optional): a fully qualified DHCP host name (FQDN) can be indicated for the DHCP request.
  
  If a value is entered in this field and the external DHCP server has the option of automatically updating the DNS server, the DHCP server automatically updates the DNS server with the name of the firewall, its assigned IP address and allocated lease time (field below).

• Requested lease time (seconds): in addition to the DNS name, enter the duration for which the IP address is kept before renegotiation.

• Request domain name servers from the DHCP server and create host objects: select this parameter so that the firewall will retrieve DNS servers from the DHCP server (access provider, for example) that provided its IP address. When this option is selected, two objects will be created: Firewall_<interface name>_dns1 and Firewall_<interface name>_dns2. They can then be used in the configuration of the DHCP service. So if the firewall provides the users on its network with a DHCP service, the users will also benefit from the DNS servers given by the access provider.

When this option is selected, the IP address of the interface will be static. A grid appears, in which you must add the IP address and its subnet mask. Several IP addresses and associated masks can be added if aliases need to be created, for example. These aliases allow you to use the firewall as a central routing point. As such, an interface can be connected to various sub-networks with a different address range.

If you add several IP addresses (aliases) to the same address range, these addresses must all have the same mask. Reloading the network configuration will apply this mask to the first address and a /32 mask to the addresses that follow.

When this option is selected, the aggregate is LACP-based. The LACP (IEEE 802.3ad - Link Aggregation Control Protocol) feature helps improve the firewall’s bandwidth while maintaining a high level of availability (link redundancy). Several physical ports on a firewall can be grouped together to be considered a single logical interface. Therefore, by aggregating x links, it is possible to set up a link of x times 1 Gbps or 10 Gbps between two appliances.

NOTE
Ensure that the remote appliances are using LACP.