Administration Guide

Create or edit an interface

Selecting Create New > Interface opens the New Interface page, which provides settings for configuring a new interface.

Selecting an interface and then selecting Edit opens the Edit Interface page.

Configure the following settings in the New Interface page or Edit Interface page and click OK:

Name

Enter a name for the interface. Physical interface names cannot be changed. If VLAN pooling is enabled, the maximum name length is 10 characters. You cannot edit the interface name after you create the interface.

Alias

Enter an alternate name for a physical interface on the FortiProxy unit. The alias can be a maximum of 25 characters. The alias name does not appear in logs. This field appears when editing an existing physical interface.

Type

Select the type of the interface: VLAN, 802.3ad Aggregate, or Redundant Interface.

Refer to Aggregation for more information about the Aggregate interface type.

Interface Members

Select the ports to be included in the interface if the Type is 802.3ad Aggregate or Redundant Interface.

Interface

This field is available when Type is set to VLAN.

Select the name of the physical interface that you want to add a VLAN interface to. After it is created, the VLAN interface is listed below its physical interface in the Interface list.

You cannot change the physical interface of a VLAN interface.

VLAN ID

This field is available when Type is set to VLAN.

Enter the VLAN ID. You cannot change the VLAN ID except when you add a new VLAN interface.

The VLAN ID must be a number between 1 and 4094. It must match the VLAN ID that the IEEE 802.1Q-compliant router or switch that is connected to the VLAN subinterface adds.

Role

Set the role setting for the interface. Different settings will be shown or hidden when editing an interface depending on the role.

  • LAN: Used to connect to a local network of endpoints.

  • WAN: Used to connect to the internet.

  • DMZ: Used to connect to the DMZ. When selected, DHCP server and Security mode are not available.

  • Undefined: The interface has no specific role.

Estimated bandwidth

The estimated WAN bandwidth. Enter the upstream and downstream bandwidth. These values are used to estimate WAN usage.

Addressing mode

Select the addressing mode for the interface:

  • Select Manual and add an IPv4 address and network mask for the interface. If IPv6 configuration is enabled, you can add both an IPv4 and an IPv6 IP address.

  • Select DHCP to get the interface IP address and other network settings from a DHCP server.

  • Select Auto-managed by FortiIPAM if you have FortiIPAM Cloud. The FortiIPAM (IP Address Management) service automatically assigns subnets to the FortiProxy unit to prevent duplicate IP addresses from overlapping within the same Security Fabric. FortiIPAM is a paid service and must be registered to the FortiProxy unit in FortiCare.

IP/Netmask

Enter an IPv4 address and subnet mask for the interface. FortiProxy interfaces cannot have IP addresses on the same subnet.

This option is available only if Addressing mode is set to Manual.

Retrieve default gateway from server

Enable this to retrieve a default gateway IP address from the DHCP server. The default gateway is added to the static routing table.

This option is available only if Addressing mode is set to DHCP.

Distance

Enter the administrative distance for the default gateway retrieved from the DHCP server. The administrative distance is an integer from 1 to 255, and specifies the relative priority of a route when there are multiple routes to the same destination. A lower administrative distance indicates a more preferred route.

This option is available only if Addressing mode is set to DHCP and Retrieve default gateway from server is enabled.

Override internal DNS

Enable this to use the DNS addresses retrieved from the DHCP server instead of the DNS server IP addresses on the DNS page.

This option is available only if Addressing mode is set to DHCP.

IPv6 Addressing mode

Select the addressing mode for the interface:

  • Select Manual and add an IP address and network mask for the interface.

  • Select DHCP to get the interface IP address and other network settings from a DHCP server.

  • Select Delegated to select an IPv6 upstream interface that has DHCPv6 prefix delegation enabled and enter an IPv6 subnet if needed. The interface will get the IPv6 prefix from the upstream DHCPv6 server that is connected to the IPv6 upstream interface and form the IPv6 address with the subnet configured on the interface.

IPv6 Address/Prefix

If Addressing Mode is set to Manual and IPv6 support is enabled, enter an IPv6 address and subnet mask for the interface. A single interface can have an IPv4 address, IPv6 address, or both.

Create address object matching subnet

This option is available when Role is set to LAN or DMZ.

Enable this option to automatically create an address object that matches the interface subnet.

Secondary IP address

Add additional IPv4 addresses to this interface.

IPv6 Address/Prefix

If IPv6 support is enabled on the GUI, enter an IPv6 address and subnet mask for the interface. A single interface can have both an IPv4 and IPv6 address or just one or the other.

This option is available only if IPv6 Addressing mode is set to Manual.

IPv4 IPv6

Select the types of administrative access permitted for IPv4 and IPv6 connections to this interface.

Speed Test

Allows speed tests to be executed on the interface.

HTTPS

Allow secure HTTPS connections to the GUI through this interface.

HTTP

HTTP traffic is automatically redirected to HTTPS.

PING

Interface responds to pings. Use this setting to verify your installation and for testing.

FMG-Access

Allow FortiManager to access this interface.

SSH

Allow SSH connections to the CLI through this interface.

SNMP

Allow a remote SNMP manager to request SNMP information by connecting to this interface.

FTM

Allow FTM Push notifications, for when users are attempting to authenticate through a VPN and/or RADIUS (with FortiAuthenticator as the RADIUS server).

RADIUS Accounting

Allow RADIUS accounting records that the server forwards (originating from the RADIUS client). These records include the user’s IP address and user group.

Security Fabric Connection

Allow Security Fabric access. This access enables CAPWAP and FortiTelemetry.

Stateless Address Auto-configuration

Enable to provide IPv6 addresses to connected devices using SLAAC.

IPv6 prefix list

Enable to provide a list of IPv6 prefixes.

IPv6 prefix

Enter the IPv6 prefix.

Outbound shaping profile

Enable or disable traffic shaping on the interface. This allows you to enforce bandwidth limits on individual interfaces.

Outbound bandwidth

Enable to specify the outbound bandwidth.

Inbound shaping profile

Enable or disable traffic shaping on the interface. This allows you to enforce bandwidth limits on individual interfaces.

Inbound bandwidth

Enable to specify the inbound bandwidth.

Comments

Enter a description of the interface of up to 255 characters.

Status

Enable or disable the interface.

Explicit web proxy

Select this to enable explicit web proxying on this interface.

Explicit FTP proxy

Enable or disable explicit FTP proxying on this interface.

Enable WCCP Protocol

The Web Cache Communication Protocol (WCCP) can be used to provide web caching with load balancing and fault tolerance. In a WCCP configuration, a WCCP server receives HTTP requests from users' web browsers and redirects the requests to one or more WCCP clients. The clients either return cached content or request new content from the destination web servers before caching it and returning it to the server, which in turn returns the content to the original requester. If a WCCP configuration includes multiple WCCP clients, the WCCP server load balances traffic among the clients, can detect when a client fails, and can fail over sessions to clients that are still operating. WCCP is described by the Web Cache Communication Protocol Internet draft.

Proxy Captive Portal

Enable or disable proxy captive portal on this interface.

API Preview

The API Preview allows you to view all REST API requests being used by the page. You can make changes on the page that are reflected in the API request preview. This feature is not available if the user is logged in as an administrator that has read-only GUI permissions.

To add secondary IP addresses:
  1. Go to Network > Interfaces and select Create New > Interface.

  2. Enable Secondary IP Address.

  3. Select Create New.

  4. Enter the IPv4 address and network mask.

  5. Select the types of administrative access to allow.

  6. Click OK. The new IP address is added to the table.

To use the API Preview:
  1. Click API Preview. The API Preview pane opens, and the values for the fields are visible (data). If a new object is being created, the POST request is shown.

  2. Enable Show modified changes only to show the modified changes instead of the full configuration in the preview.

  3. Click Copy to Clipboard to copy the JSON code shown on the preview screen to the clipboard.

  4. Click Close to leave the preview.
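The limits stated in the settings above (VLAN ID range, alias and comment length, administrative distance, no two interfaces on the same subnet) can be checked against a planned set of interfaces before the change is made. The following Python lint is an added example, not Fortinet code: the dictionary field names (`name`, `type`, `vlanid`, `alias`, `comments`, `distance`, `ip`, `role`, `allowaccess`) and the WAN allowlist are assumptions, so map them to the JSON that API Preview actually shows.

```python
import ipaddress

# Assumed local policy (not from the guide): the only administrative access
# type accepted on WAN-role interfaces.
WAN_ALLOWED = {"ping"}

def lint_interfaces(interfaces):
    """Return (interface name, finding) tuples for a list of interface dicts."""
    findings, seen = [], []
    for itf in interfaces:
        name = itf["name"]
        # The VLAN ID must be a number between 1 and 4094.
        if itf.get("type") == "vlan" and not 1 <= itf.get("vlanid", 0) <= 4094:
            findings.append((name, "vlan id out of range 1-4094"))
        # The alias is limited to 25 characters, the comment to 255.
        if len(itf.get("alias", "")) > 25:
            findings.append((name, "alias longer than 25 characters"))
        if len(itf.get("comments", "")) > 255:
            findings.append((name, "comments longer than 255 characters"))
        # The administrative distance is an integer from 1 to 255.
        if "distance" in itf and not 1 <= itf["distance"] <= 255:
            findings.append((name, "distance out of range 1-255"))
        # Interfaces cannot have IP addresses on the same subnet. Any overlap
        # is treated as "same subnet" here (a stricter reading, assumption).
        if itf.get("ip"):
            net = ipaddress.ip_interface(itf["ip"]).network
            for other, other_net in seen:
                if net.overlaps(other_net):
                    findings.append(
                        (name, f"subnet {net} overlaps {other} ({other_net})"))
            seen.append((name, net))
        # Flag administrative access on WAN beyond the assumed allowlist.
        extra = set(itf.get("allowaccess", [])) - WAN_ALLOWED
        if itf.get("role") == "wan" and extra:
            findings.append(
                (name, "wan admin access: " + ", ".join(sorted(extra))))
    return findings

# Constructed sample input (documentation and private address ranges).
SAMPLE = [
    {"name": "port1", "role": "wan", "ip": "203.0.113.10/24",
     "allowaccess": ["ping", "https", "ssh"]},
    {"name": "port2", "role": "lan", "ip": "10.0.1.1/255.255.255.0",
     "allowaccess": ["ping", "https", "ssh"]},
    {"name": "vlan5000", "type": "vlan", "vlanid": 5000, "role": "lan",
     "ip": "10.0.1.129/25", "allowaccess": ["ping"]},
]

if __name__ == "__main__":
    for name, finding in lint_interfaces(SAMPLE):
        print(f"{name}: {finding}")
```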
