Managing network interfaces
Depending on the model of the Kaspersky NGFW hardware platform, a certain set of interfaces is preconfigured on the device. Interface names in the system follow the format port<port name> pattern, for example, port1, port2, port3. Port numbering starts with port1 regardless of the hardware platform model and corresponds to the physical network ports on the chassis of the device. The name of the management port is mgmt.
You can add interfaces to security zones, and then use security zones as qualifiers in security rules and decryption rules.
You can view the table of network interfaces in a device template or on a Kaspersky NGFW device:
- To view the table of network interfaces in a device template, select the Network templates tab in the menu, click a device template, and select the Interfaces section.
- To view the table of network interfaces on a Kaspersky NGFW device, go to the Devices menu section, click a Kaspersky NGFW device and select the Interfaces section.
The table displays the following L2 and L3 interfaces:
- Physical (can be of types L2 and L3)
- Aggregated (can be of types L2 and L3)
- Bridges (Bridge)
- Subinterfaces of physical and aggregated interfaces (can be of types L2 and L3)
The Update received field displays the time when the list of interfaces and their data was obtained. To update the list of interfaces, click 
→ Refresh.
To view interface statistics, select the check boxes next to the interfaces that you need and click → View status.
Information about network interfaces is displayed in the following columns of the table:
- Overridden (this column is displayed only when viewing the list of interfaces on the device) indicates whether the inheritance of settings from the device template is enabled for the network interface.
- Interface lists the names of the interface and its subinterfaces.
- Status is the administrative status of the interface, enabled or disabled. If the status is Off, the interface is not receiving or sending packets.
- Description is an arbitrary description of the interface.
- Type is the type of the interface: physical (with the dedicated management port indicated), aggregated, bridge.
- Link state is the operational status of the interface: working or not working.
- Speed is the data transfer rate of physical interfaces in Mbps and the configured speed setting mode.
For physical interfaces with the dedicated management interface role, the speed is determined automatically. You cannot change it.
- IP address is one or more IP addresses of the interface with a subnet mask, either static or obtained from a DHCP server, depending on the selected protocol. The maximum number of IP addresses that an interface can have is 20.
- Protocol is the method of assigning an IP address to the network interface:
- DHCP client means the IP address is automatically assigned via DHCP.
- Static IPv4 address means a static IPv4 address is assigned.
- None means the interface does not have an IP address.
- Members are interfaces included in the main interface.
- Aggregation mode is the interface aggregation mode.
- MTU (bytes) is the L3 MTU (Maximum Transmission Unit) of the network interface.
If the default MTU is used (the Override MTU field in the settings is empty), an empty cell is displayed in the column. The default MTU is 1500.
- MAC address is the MAC address of the network interface.
If the default MAC address of the network interface is used (the Override MAC field in the settings is empty), an empty cell is displayed in the column.
- Security zone is the security zone to which the interface has been added, with the type indicated as L2 or L3.
- DNS servers is the static IPv4 address for the dedicated management interface or an IPv4 address obtained from a DHCP server.
You can also configure and view interfaces on the command line using the interface family of commands. For a description of command families and a link to the complete list of Kaspersky NGFW configuration commands, see the Managing Kaspersky NGFW using the command line document.