Configure Link Aggregation

A link aggregation (LA) interface is a group of physical interfaces that you configure to work together as a single logical interface. Each link aggregation interface can have one or more physical interface members.

Before you configure link aggregation, review the requirements and limitations in About Link Aggregation.

Physical interfaces that are members of a link aggregation interface must support the same link speed. On XTM 505, 510, 520, or 530 devices, interface 0 (Eth0) supports a lower maximum link speed than the other interfaces. If you use Eth0 as a member of a link aggregation interface on these models, you must set the Link Speed to 100 Mbps or lower in the link aggregation interface configuration and on the connected network switches.

Configure Link Aggregation in Fireware Web UI

To configure link aggregation in Fireware Web UI, you must first configure one or more physical interfaces and select Link Aggregation as the interface type. You can then create the link aggregation interface and add these interfaces as the link aggregation members.

After you configure the physical interfaces as type Link Aggregation, you can add them to a link aggregation interface configuration.

Configure Link Aggregation in Policy Manager

To configure link aggregation in Policy Manager, you add a new link aggregation interface, and then assign network interfaces to the new link aggregation interface.

After you create the link aggregation interface, you can assign physical interfaces to it.

Connect Link Aggregation Interfaces to a Switch

If you configure a link aggregation interface to use dynamic or static link aggregation, you must configure the switch that these interfaces connect with to use the same link aggregation mode and link speed. Then, you can connect the cables from the member interfaces on the Firebox to the other network device.

If the link aggregation interface uses active-backup mode, you do not need to enable link aggregation on your connected switches or routers.

For more information about link aggregation network modes, see About Link Aggregation.

Configure Link Aggregation for a FireCluster

When you configure link aggregation for a FireCluster, you must configure separate link aggregation groups on each switch for the switch ports that connect to each cluster member. For more information, see Configure Link Aggregation for a FireCluster.

Read the Link Aggregation Settings List

After you configure link aggregation settings, you can look at the list of configured link aggregation settings to see a summary of the settings.

To see the link aggregation settings, from Fireware Web UI:

Select Network > Link Aggregation.

Screen shot of the Link Aggregation page in Fireware Web UI

To see the configured link aggregation settings, from Policy Manager:

  1. Select Network > Configuration.
  2. Select the Link Aggregation tab.
    A table of existing user-defined link aggregation interfaces and their settings appears.

The columns show a summary of the settings in each link aggregation configuration.

Name

The lnk aggregation interface name. You can use this name in policies just as you would any other interface name.

Type

The interface type. Link aggregation interfaces can be Trusted, External, Optional, Custom, Bridge or VLAN.

IPv4 Address

The interface IPv4 address. This column shows DHCP or PPPoE client for an external interface configured to get an IP address from a DHCP or PPPoE server.

IPv6 Address

The interface IPv6 address. This column shows DHCP or PPPoE client for an external interface configured to get an IP address from a DHCP or PPPoE server.

DHCP (Policy Manager only)

Shows whether a DHCP server is enabled for a trusted or optional link aggregation interface. Possible values are:

  • Local — This interface is configured to use the local DHCP server on the Firebox to assign IP addresses to devices on the attached network
  • Relay — This interface is configured to use DHCP relay to another DHCP server that assigns IP addresses to devices on the attached network.

Secondary (Policy Manager only)

Secondary IP addresses configured for this interface.

Interfaces

The interface numbers of the physical interfaces that are members of this link aggregation interface.

Edit or Delete a Link Aggregation Configuration

From the Link Aggregation page, you can edit or delete a link aggregation configuration. When you remove a link aggregation configuration, the member interfaces are still set to type Link Aggregation, but they are no longer assigned to any link aggregation interface.

To edit or delete a link aggregation configuration, from Fireware Web UI:

  1. Select Network > Link Aggregation.
  2. Select the interface you want to edit or delete.
  • Click Configure to edit the selected link aggregation interface.
  • Click Remove to delete the selected link aggregation interface.

To edit or delete a link aggregation configuration, from Policy Manager:

  1. Select Network > Configuration.
  2. Select the Link Aggregation tab.
  3. Select the interface you want to edit or delete
  • Click Edit to edit the selected link aggregation interface.
  • Click Delete to delete the selected link aggregation interface.

See Also

About Link Aggregation

Give Us Feedback     Get Support     All Product Documentation     Technical Search