Configure Link Aggregation in WatchGuard Cloud
Applies To: Cloud-managed Fireboxes
A link aggregation group (LAG) is a group of physical interfaces that you configure to work together as a single logical interface. Each LAG can have one or more physical interface members.
In WatchGuard Cloud, you can configure a LAG as an external, internal, or guest interface, or as a member of a VLAN or bridge interface. Unlike a physical interface configuration, a LAG interface does not support Traffic Shaping, QoS, or static MAC/IP address binding.
Before You Begin
Before you configure a LAG, review the requirements and limitations from About Link Aggregation in WatchGuard Cloud.
Configure a Link Aggregation Group
To configure a LAG, you must select the interfaces to add to the LAG configuration, and then select and add the networks. You can configure a LAG from these locations:
- Networks page
- Settings page of a new network
- Settings page of an existing network
If you add a LAG from the settings page of a new or existing network, the LAG uses the new or existing network by default.
To configure a LAG, from WatchGuard Cloud:
- Select Configure > Devices.
- Select the cloud-managed Firebox.
- Click Device Configuration.
- To configure a LAG, use one of these methods:
  - Click the Networks tile.
    The Networks configuration page opens.
  - To configure a LAG for a new network, on the Networks page, add a new network.
    The settings page for the network opens.
  - To configure a LAG for a specific network, on the Networks page, select an existing network.
    The settings page for the network opens.
- On any of these pages, in the Link Aggregation Groups (LAG) section, click Add LAG.
The Add Link Aggregation Group page opens.
- In the Name text box, type a name for the LAG configuration. You can use this name in Firebox policies as you would any other interface name.
- From the Mode drop-down list, select the link aggregation mode to use. You can select Static, Dynamic (802.3ad), or Active-backup. For information about link aggregation modes, go to the Link Aggregation Modes section of About Link Aggregation in WatchGuard Cloud.
If you choose Static or Dynamic (802.3ad) mode, your connected network switch or router must also support and be configured to use the same mode.
- Click Next.
The select interfaces page opens.
The list of interfaces contains only interfaces that are available and not used by another network.
- Select the interfaces you want to add to the LAG.
- Click Next.
The select networks page for the LAG opens.
- Select the networks you want to add to the LAG. You can add a standalone, bridged, or VLAN network. You can only assign the LAG to a network that is already configured.
When you add a LAG from an existing network page or when you create a new network, you do not have the option to add a network because the LAG uses the existing or new network by default.
When you add a LAG from the LAG section of the main Networks page, you cannot add a LAG to an existing External Standalone network. Doing so would attempt to create a bridged interface, but an External Standalone network supports only one interface and does not support a bridge. To add a LAG to an External Standalone network, add or edit an External network and create the LAG within the External network configuration page, where you can select the LAG interfaces to use for the External network. For more information, go to the Link Aggregation Group section in Configure a Firebox External Network.
- Click Done.
The LAG configuration appears in the Link Aggregation Groups (LAG) section.
When you associate a LAG with a network, the LAG shows as an associated interface.
Delete a Link Aggregation Group
When you delete a LAG configuration, all member interfaces are removed from the LAG and the group of interfaces is removed from associated networks. When you remove the last interface from a LAG, WatchGuard Cloud automatically deletes the LAG.
To delete a LAG, from WatchGuard Cloud:
- Select Configure > Devices.
- Select the cloud-managed Firebox.
- Click Device Configuration.
- To delete a LAG, use one of these methods:
  - Click the Networks tile.
    The Networks configuration page opens.
  - To delete a LAG from a specific network, on the Networks page, select an existing network.
    The settings page for the network opens.
- From either page, in the Link Aggregation Groups (LAG) section, find the LAG you want to delete, click the options menu, and select Delete.
- From the Delete Link Aggregation Group dialog box, click Delete.
The LAG is deleted from all associated networks.
When a LAG interface is the only interface assigned to a network, the options menu is hidden in the LAG tile and you cannot delete the LAG interface from the options menu.
Connect a Link Aggregation Group to a Switch or Router
If you configure a LAG to use Dynamic (802.3ad) or Static link aggregation mode, you must configure the switch or router that these interfaces connect to so that it uses the same link aggregation mode and link speed. You can then connect the cables from the member interfaces on the cloud-managed Firebox to the other network device.
If the LAG uses Active-backup mode, you do not have to enable link aggregation on your connected switches or routers.
For more information about link aggregation network modes, go to About Link Aggregation in WatchGuard Cloud.
Configure a Link Aggregation Group for a FireCluster
When you configure link aggregation for a FireCluster, you must configure a separate LAG for each switch for the switch ports that connect to each cluster member. For more information, go to Configure Link Aggregation for a FireCluster in WatchGuard Cloud.
Monitor a Link Aggregation Group Interface
When you configure a LAG interface, you can view the LAG information from the Live Status > Networks page. The Interfaces column shows the interfaces that the LAG interface includes.
To view the network status of the LAG interface, click the name of the network that contains the LAG. The Name column shows the name of the LAG interface and the LAG ID.
For more information, go to Monitor Networks on Fireboxes and FireClusters.