Use the VM-Series Firewall CLI to Swap the Management Interface

This task is only required if your architecture places the VM-Series firewall behind the Google Cloud Platform internal load balancer.
If you did not specify metadata to swap the management interface (MGT) with the dataplane interface when you deployed the firewall, you can use the CLI to enable the firewall to receive dataplane traffic on the primary interface.
  1. Deploy the VM-Series Firewall from Google Cloud Platform Marketplace.
    Before you proceed, verify that the firewall has a minimum of two network interfaces (eth0 and eth1). If you launch the firewall with only one interface, the interface swap command causes the firewall to boot into maintenance mode.
  2. On the Google Cloud Console, view the VM instance details to verify the IP address of the eth1 interface, and verify that the security rules allow connections (HTTPS and SSH) to the new management interface (eth1).
  3. Log in to the VM-Series firewall CLI and enter the following command:
    set system setting mgmt-interface-swap enable yes
    You can view the default mapping from the command line interface. The output is similar to this:
    > debug show vm-series interfaces all
    Interface_name  Base-OS_port
      mgt              eth0
      Ethernet1/1      eth1
      Ethernet1/2      eth2
  4. Confirm that you want to swap the interface (use the eth1 dataplane interface as the management interface).
  5. Reboot the firewall for the swap to take effect:
    request restart system
  6. Verify that the interfaces have been swapped:
    debug show vm-series interfaces all
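
The check in steps 1 and 6 can be scripted against saved output of `debug show vm-series interfaces all`. The following is an added example, not Palo Alto Networks code: the function names are hypothetical, the pre-swap sample is the output shown above, and the post-swap sample is constructed on the assumption that mgt and Ethernet1/1 trade base-OS ports.

```python
import re

# Pre-swap mapping, copied from the output shown on this page.
BEFORE = """\
Interface_name  Base-OS_port
  mgt              eth0
  Ethernet1/1      eth1
  Ethernet1/2      eth2
"""

# Constructed post-swap sample (assumption: same layout, mgt now on eth1).
AFTER = """\
Interface_name  Base-OS_port
  mgt              eth1
  Ethernet1/1      eth0
  Ethernet1/2      eth2
"""

# One data row: interface name, whitespace, base-OS port. The header row does not match.
ROW = re.compile(r"^\s*(mgt|Ethernet\d+/\d+)\s+(eth\d+)\s*$")


def parse_mapping(text):
    """Return {interface_name: base_os_port} parsed from the command output."""
    mapping = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if match:
            mapping[match.group(1)] = match.group(2)
    return mapping


def swap_state(text):
    """Classify the output as swapped, not-swapped, insufficient-interfaces or unknown."""
    mapping = parse_mapping(text)
    if not mapping:
        return "unknown"
    # Step 1: with fewer than two interfaces the swap boots into maintenance mode.
    if not {"eth0", "eth1"} <= set(mapping.values()):
        return "insufficient-interfaces"
    return {"eth1": "swapped", "eth0": "not-swapped"}.get(mapping.get("mgt"), "unknown")


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, swap_state(sample), parse_mapping(sample))
```

Run it on output captured before step 3 to confirm that both eth0 and eth1 are present, and again after the reboot in step 5 to confirm that mgt now maps to eth1.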