A custom interface enables you to define a custom security zone that is separate from the predefined trusted, optional, and external zones. A custom interface is not a member of the built-in aliases Any-Trusted, Any-Optional, or Any-External. Because a custom interface is not included in the built-in aliases, traffic for a custom interface is not allowed through the XTM device unless you specifically configure policies to allow it.
To configure a custom interface, the device must use Fireware XTM v11.9 or higher.
You can configure a physical interface, wireless interface, Bridge, VLAN, or Link Aggregation interface as a custom interface. When you configure an interface as a custom interface, the network settings you can configure are the same as for a trusted or optional interface.
These examples show how you can use a custom interface:
To enable a wireless network for guest users, you can configure an access point in the Custom zone and use the wireless interface alias in policies that you want to handle traffic from wireless clients. For example, to set up Access Point 1 on an XTM wireless device as a guest network:
If you already have trusted and optional networks, and you want to configure a third internal security zone, you can configure one or more interfaces or wireless access points as Custom. You can then add these custom interfaces to a new alias. Use the new alias in policies that you want to handle traffic from this network.
For example, to create a Semi-Trusted security zone that includes both wired and wireless networks:
For more information about aliases, see About Aliases.
To configure a physical interface as a custom network interface:
To configure a wireless, VLAN, Bridge, or Link Aggregation interface as a custom interface, set the Interface Type to Custom, and configure all other settings as you would for a trusted or optional interface.
After you configure an interface as a custom interface, you must configure policies to allow traffic to and from the interface. You can edit the existing policies or create new policies that use the custom interface name. Or, you can create a new alias that includes multiple custom interfaces, and then use that custom alias in policies. For more information about aliases, see About Aliases.
Common Interface Settings
About Advanced Interface Settings