How to Configure Virtual Interface Groups for the MCN Site

After adding the new MCN site, the next step is to create and configure the Virtual Interface Groups for the site.

The following are some guidelines for configuring Virtual Interface groups:

  • Use logical names that will best describe the group.

  • Trusted networks are networks that are protected behind a Firewall.

  • Virtual Interfaces associate interfaces to Fail to Wire (FTW) pairs.

  • Single WAN interfaces cannot be in an FTW pair.


For additional guidelines and information on configuring Virtual Interface Groups, see the Virtual Routing and Forwarding section.

To add a Virtual Interface Group to the new MCN site, do the following:

  1. Continuing in the Sites tree of the Configuration Editor, click + next to the name of the site you just added.

    This opens the configuration branches for the new site.

    localized image

  2. Click + to the left of the Interface Groups branch.

    This displays the Interface Groups table for the site.

  3. Click + to the right of Interface Groups.

    This adds a new blank group entry to the table and opens it for editing.

    localized image

  4. Select the Ethernet Interfaces to include in the group.

    Under Ethernet Interfaces, click a box to include/exclude that interface. You can select any number of interfaces to include in the group. A goldenrod highlight indicates an included interface.

  5. Select the Bypass Mode from the drop-down menu (no default).

    The Bypass Mode specifies the behavior of bridge-paired interfaces in the Virtual Interface Group, in the event of an appliance or service failure or restart. The options are: Fail-to-Wire or Fail-to-Block.

  6. Select the Security Level from the drop-down menu.

    This specifies the security level for the network segment of the Virtual Interface Group. The options are: Trusted or Untrusted. Trusted segments are generally protected by a firewall (default is Trusted).

  7. Click + at the left edge of the new blank entry.

    This displays the Virtual Interfaces and Bridge Pairs tables.

    localized image

  8. Click + to the right of Virtual Interfaces.

    This reveals the Name and the VLAN ID ids.

    localized image

  9. Enter the Name and VLAN ID for this Virtual Interface Group.

    Name – This is the name by which this Virtual Interface will be referenced.

    VLAN ID – This is the ID for identifying and marking traffic to and from the Virtual Interface. Use an ID of 0 (zero) for native/untagged traffic.

  10. Click + to the right of Bridge Pairs.

    This adds a new Bridge Pairs entry and opens it for editing.

    localized image

  11. Select the Ethernet interfaces to be paired from the drop-down menus.

    To add more pairs, click + next to Bridge Pairs again.

  12. Click Apply.

    This applies your settings and adds the new Virtual Interface Group to the table.

    localized image


    At this stage, you will see a yellow delta Audit Alert icon, to the right of the new Virtual Interface Group entry. This is because you have not yet configured any Virtual IP Addresses (VIPs) for the site. For now, you can ignore this alert, as it will be resolved automatically when you have properly configured the VIPs for the site.

  13. To add more Virtual Interface Groups, click + to the right of the Interface Groups branch, and proceed as above.

How to Configure Virtual Interface Groups for the MCN Site