Configure an Existing Physical Interface for Switch Port Mode

(Optional) Check the Protected Port check box to set this switch port as protected, so you can prevent the switch port from communicating with other protected switch ports on the same VLAN. You might want to prevent switch ports from communicating with each other if: the devices on those switch ports are primarily accessed from other VLANs; you do not need to allow intra-VLAN access; and you want to isolate the devices from each other in case of infection or other security breach. For example, if you have a DMZ that hosts three web servers, you can isolate the web servers from each other if you apply this option to each switch port. The inside and outside networks can both communicate with all three web servers, and vice versa, but the web servers cannot communicate with each other.

For the Usage Type, select Access or Trunk. See Switch Port Mode Interfaces for FTD to determine which port type you need.

• If you select Trunk, you must select one VLAN interface as the Native Trunk VLAN to forward untagged traffic and at least one Associated VLAN to forward tagged traffic. Click the icon to view the existing physical interfaces. You can select up to 20 VLAN interfaces as associated VLANs.

• You can create a new VLAN interface set to Access mode by clicking C reate new VLAN.