Setting Physical Link Attributes for Interfaces


Set attributes of the physical link for the interface:

  • Physical Settings.

    • Extended Bandwidth Settings—Use the Egress Bandwidth options to set the minimum (or guaranteed) and maximum bandwidth allowed to pass through the security device. Be careful not to allocate more bandwidth than the interface can support because you might lose data if the guaranteed bandwidth on contending policies surpasses the traffic bandwidth set on the interface.

      For security devices running ScreenOS 5.3, you can also manage the flow of traffic through the security device by limiting bandwidth at the point of ingress. To configure the maximum amount of traffic allowed at the ingress interface, set the number of kilobits per second (kbps) using the Ingress Minimum Bandwidth field.

      For more information about configuring traffic shaping parameters, see Allocating Network Bandwidth Using Traffic Shaping Options.

  • Holddown Time—Use this option to configure the amount of time (in milliseconds) that the security device uses to bring the interface up or down after detecting a change in the link status.

  • Bring Down Link—Select this option to bring down the physical link to the interface.

  • Link and MTU Size.

  • WebAuth

    • Enable Webauth—Select this option to enable device administrators to authenticate management connections to the device using WebAuth.

    • WebAuth IP—Enter the IP address of the WebAuth service on the interface.

    • Allow Webauth via SSL only (ScreenOS 5.1 and later only)—Select this option to require WebAuth users to use SSL when connecting to the WebAuth IP address on a device running ScreenOS 5.1 and later. When this option is disabled, device administrators can access the WebAuth IP address of the interface using clear text.


      When you enable WebAuth, you must also enable SSL as a service option for the interface. For details, see Enabling Management Service Options for Interfaces.

    • Gratuitous ARP—Enable or disable G-ARP on devices running ScreenOS 6.1 or later. This setting lets users avoid G-ARP attacks.

  • Deny Routing.

  • Port Settings.

  • Proxy ARP Entry—Set a proxy ARP entry with lower and upper IP addresses so that ARP traffic is imported to the correct VSI. When you add a proxy ARP entry on an interface, ScreenOS imports the traffic that is destined to the IP range using this interface.