Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Example: Configuring a Loopback Interface (NSM Procedure)


A loopback interface emulates a physical interface on a security device. However, unlike a physical interface, a loopback interface is always in the up state as long as the device on which it resides is up. You might want to use a loopback interface as:

  • The management interface—You can manage the device using either the IP address of a loopback interface or the manage IP address that you assign to a loopback interface.

  • A virtual security interface (VSIs) for NSRP—The physical state of the VSI on the loopback interface is always up. The interface can be active or not, depending upon the state of the VSD group to which the interface belongs.

  • A source interface for specific traffic (such as syslog packets) that originates from the device—When you define a source interface for an application, the specified source interface address is used instead of the outbound interface address to communicate with an external device.

Loopback interfaces are named loopback.id_num, where id_num is a number greater than or equal to 1 (the maximum id_num value you can specify is platform-specific) and denotes a unique loopback interface on the device. Like a physical interface, you must assign an IP address to a loopback interface and bind it to a security zone.


You cannot bind a loopback interface to a HA zone, nor can you configure a loopback interface for Layer 2 operation or as a redundant/aggregate interface. You cannot configure the following features on loopback interfaces: NTP, DNS, VIP, secondary IP, track IP, or WebAuth.

After defining a loopback interface, you can then define other interfaces as members of its group. Traffic can reach a loopback interface if it arrives through one of the interfaces in its group. Any interface type can be a member of a loopback interface group—physical interface, subinterface, tunnel interface, redundant interface, or VSI.

In this example, you create the loopback interface loopback.1, bind it to the Untrust zone, and assign the IP address to it.

To configure a loopback interface:

  1. Add a device.

  2. Configure the loopback interface:

  1. In the device navigation tree, select Network > Interface.

  2. Click the Add icon and select Loopback Interface. The General Properties screen appears.

  3. Configure the following:

    • For zone, select Untrust.

    • For IP Address/Netmask, enter

    • Ensure that Manageable is enabled.

    • Ensure that the Management IP is

  4. Click OK to save the new interface.

  5. Click OK to save your changes to the device.