Detect and configure the interfaces available on a computer

The Computer and Policy editors contain an Interfaces (in the Computer editor) and Interface Types (in the Policy editor) section that displays the interfaces detected on the computer. If a policy with multiple interface assignments has been assigned to the computer, interfaces that match the patterns defined in the policy will be identified.

The Interface Types section of the Policy editor provides additional capabilities:

Configure a policy for multiple interfaces

If you have computers with more than one interface, you can assign various elements of a policy (firewall rules, etc.) to each interface.

  1. In the Policy editor, click Interface Types.
  2. In the Network Interface Specificity section, select Rules can apply to specific interfaces.
  3. In the Interface Type sections that appear, type the names and pattern matching strings.

The interface type name is used only for reference. Common names include "LAN", "WAN", "DMZ", and "Wi-Fi", though any name can be used to map to your network's topology.

The interface name used for all container network interfaces and host virtual interfaces is "integrated_veth", which has a MAC address of 02:00:00:00:00:00.

The match strings define wildcard-based interface name patterns that automatically map interfaces to the appropriate interface type. Examples are "Local Area Connection *", "eth*", or "Wireless *". When an interface cannot be mapped automatically, an alert is triggered; you can map it manually from the Interfaces page in the Computer editor for that particular computer.

If Deep Security detects interfaces on the computer that don't match any of these entries, the manager will trigger an alert.

Enforce interface isolation

When Interface Isolation is enabled, the firewall tries to match the regular expression patterns to interface names on the local computer. To enforce interface isolation, select the Enable Interface Isolation option on the Policy or Computer editor > Firewall > Interface Isolation tab and enter string patterns that match the names of the interfaces on a computer, in order of priority.

Before you enable Interface Isolation, make sure that you have configured the interface patterns in the proper order and that you have added or removed all necessary string patterns. Only interfaces matching the highest-priority pattern will be permitted to transmit traffic. Other interfaces (which match any of the remaining patterns on the list) will be "restricted". Restricted interfaces block all traffic unless an Allow firewall rule is used to let specific traffic pass through.

Selecting Limit to one active interface will restrict traffic to only a single interface even if more than one interface matches the highest priority pattern.

Deep Security uses POSIX basic regular expressions to match interface names. For information on basic POSIX regular expressions, see https://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap09.html#tag_09_03
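As an added example (not from the Deep Security documentation or product), the following Python dry-run applies the isolation rule above to a list of interface names so the pattern order can be checked before Interface Isolation is enabled: patterns are tried in priority order, only a highest-priority match is permitted, any other match is restricted, and the optional Limit to one active interface setting keeps a single permitted interface. It assumes unanchored POSIX-style matching (use ^ and $ to anchor), translates the common BRE subset into Python's re dialect because Python's re is not POSIX BRE, and treats "first interface wins" under the one-interface limit as a constructed assumption.

```python
import re

def bre_to_python(pattern: str) -> str:
    r"""Translate the common POSIX BRE subset into Python's re dialect.
    BRE treats ( ) { } + ? | as literals and uses \( \) \{ \} for groups and
    intervals; Python's re is the reverse, so the escaping is swapped.
    Assumption: no backslashes inside bracket expressions [...]."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            out.append(nxt if nxt in "(){}" else "\\" + nxt)
            i += 2
        elif ch in "(){}+?|":          # literal in BRE, special in Python
            out.append("\\" + ch)
            i += 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def classify_interfaces(patterns, interfaces, limit_to_one=False):
    """Map each interface name to 'permitted', 'restricted' or 'unmatched'.
    patterns: isolation patterns, highest priority first. Matching is an
    unanchored search like POSIX, so use ^ and $ to pin the whole name."""
    compiled = [re.compile(bre_to_python(p)) for p in patterns]
    verdicts, active_chosen = {}, False
    for name in interfaces:
        verdict = "unmatched"          # matches no pattern: review before enabling
        for rank, rx in enumerate(compiled):
            if rx.search(name):
                # Only the highest-priority pattern permits traffic; with the
                # one-active-interface limit the first such interface wins
                # (which one the agent really picks is an assumption here).
                if rank == 0 and not (limit_to_one and active_chosen):
                    verdict, active_chosen = "permitted", True
                else:
                    verdict = "restricted"
                break
        verdicts[name] = verdict
    return verdicts

if __name__ == "__main__":
    # Constructed sample: Linux host with a container bridge and integrated_veth.
    rules = [r"^eth0$", r"^eth[0-9]\{1,\}$", r"^wlan"]
    ifaces = ["eth0", "eth1", "wlan0", "docker0", "integrated_veth"]
    for iface, verdict in classify_interfaces(rules, ifaces).items():
        print(f"{iface:16} {verdict}")
```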