Roles of physical interfaces

Physical interfaces (ports) of a Kaspersky NGFW device can have the following roles:

• A data plane interface is for user traffic processing.

  Data plane interfaces can receive and send Jumbo frames with an L2 MTU (maximum transmission unit) value from 64 to 9216 bytes. If Kaspersky NGFW receives a frame (hereinafter also referred to as a packet) with an L2 MTU of more than 9216 bytes, such a packet is dropped. You cannot change the allowed L2 MTU value for Kaspersky NGFW.

• A dedicated management interface is for managing the Kaspersky NGFW device. When data plane interfaces of a Kaspersky NGFW device are subjected to a denial of service attack or similar traffic, the device remains accessible through its dedicated management interfaces.
• The sync interface is designed to synchronize cluster nodes. It is used to establish a TCP session between cluster nodes.

You can change the roles of physical interfaces individually or assign the same role to multiple physical interfaces at the same time, if the same network template is applied to the devices of these interfaces. By default, Kaspersky NGFW is delivered with one physical dedicated management interface. All other physical interfaces are data plane interfaces.

It is not possible to simultaneously assign the data plane interface role and the dedicated management interface role to the same physical interface.

The sync interface role can be assigned to a physical or aggregated interface. If the sync interface role is assigned to an aggregated interface, you need to manually configure the physical interfaces included in the aggregated interface. The aggregated interface is configured automatically.

Page top