Interface Types in ScreenOS Devices Overview

The Interface screen displays the physical interfaces available on the security device. Some security devices support functional zone interfaces, which are either a separate physical MGMT interface for management traffic or a high availability (HA) interface used to link two devices together to form a redundant group or cluster.

Interfaces and subinterfaces enable traffic to enter and exit a security zone. To enable network traffic to flow in and out of a security zone, you must bind an interface to that zone and, if it is a Layer 3 zone, assign it an IP address. You can assign multiple interfaces to a zone, but you cannot assign a single interface to multiple zones.

Note: Not all devices support all features described in this guide. For device-specific datasheets that include an updated feature list for each device, go to: This link is provided for your convenience and may change without notice. You can also find this information by going to the Juniper website (

Interface Types

You can add the interfaces on a security device as described in Table 21.

Table 21: Interface Types

Interface Types


Aggregate interface

A logical interface that combines two or more physical interfaces on the device, for the purpose of sharing the traffic load to a single IP address. This type of interface is only supported on certain security device systems.

Multilink interface

On available devices, you configure and access multiple serial links called a bundle, through a virtual interface called a multilink interface. The multilink interface emulates a physical interface for the transport of frames.

Loopback interface

A logical interface that emulates a physical interface and is always in the up state.

Virtual security interfaces (VSIs)

The virtual interfaces that two security devices share when forming a virtual security device (VSD) in a high availability cluster.

Redundant interface

Two physical interfaces bound to the same security zone. One of the two physical interfaces acts as the primary interface and handles all the traffic directed to the redundant interface; the other physical interface acts as a backup.


A logical division of a physical interface. A subinterface borrows the bandwidth it needs from the physical interface.

Tunnel interface

Acts as a doorway to a VPN tunnel. Traffic enters and exits a VPN tunnel through a tunnel interface. When you configure a tunnel interface, you can also encapsulate IP multicast packets in GREv1 unicast packets.

ADSL interface

A NetScreen-5GT ADSL security device uses ATM as its Transport Layer. The interface can support multiple permanent virtual circuits (PVCs) on a single physical line. Before you can configure the adsl1 interface, however, you must obtain the DSLAM configuration details for the ADSL connection from the service provider.

WAN subinterface

A logical division of a physical WAN interface. This type of interface is only supported on available devices.

ISDN BRI interface

Integrated Services Digital Network (ISDN) is an international communications standard for sending voice, video, and data over digital telephone lines. ISDN in NSM supports Basic Rate Interface (BRI).

Wireless interface

A NetScreen-5GT Wireless security device interface handles wireless traffic to and from that wireless access point (WAP).

For information about configuring specific interface types, see Example: Configuring an Aggregate Interface (NSM Procedure).

Related Documentation