Configure the VTEP Source Interface
You can configure one VTEP source interface per threat defense device. The VTEP is defined as a Network Virtualization Endpoint (NVE). VXLAN is the default encapsulation type. An exception is made for clustering on the threat defense virtual in Azure, where you can use one VTEP source interface for the cluster control link and a second one for the data interface connected to the Azure GWLB.
Procedure
Step 1 | If you want to specify a group of peer VTEPs, add a network object with the peer IP addresses. See Creating Network Objects. |
Step 2 | Choose . |
Step 3 | Click Edit next to the device on which you want to configure VXLAN. |
Step 4 | (Optional) Specify that the source interface is NVE-only. In routed mode this setting is optional; it restricts traffic on this interface to VXLAN and common management traffic only. In transparent firewall mode this setting is enabled automatically. |
Step 5 | Click VTEP if it is not already displaying. |
Step 6 | Check Enable NVE. |
Step 7 | Click Add VTEP. |
Step 8 | For the Encapsulation Type, choose VxLAN. For AWS, you can choose between VxLAN and Geneve. Other platforms have VxLAN chosen automatically. |
Step 9 | Enter the value for the Encapsulation port within the specified range. The default value is 4789. |
Step 10 | Select the VTEP Source Interface from the list of available physical interfaces present on the device. If the source interface MTU is less than 1554 bytes for IPv4 or 1574 bytes for IPv6, the management center automatically raises the MTU to 1554 bytes or 1574 bytes, respectively. |
Step 11 | Select the Neighbor Address. The available options are: |
Step 12 | Click OK. |
Step 13 | Click Save. |
Step 14 | Configure the routed interface parameters. See Configure Routed Mode Interfaces. |