I haven't done much of this kind of work personally, but I'm sure I overheard my colleague talking to a customer about this very subject last week and the general impression I got was tagging=yes, trunking=no.
In fact, I haven't found any documents/information about configuring a trunk on McAfee Firewall Enterprise. I see only support for 802.1q VLAN tagging in the datasheet document.
I am looking at the network diagram and it appears that you simply need the firewall to have multiple VLANs on the same physical interface? The Firewall Enterprise will not have an issue doing this.
If I am misunderstanding, please let me know.
Yes, one firewall interface is a trunk port. McAfee Firewall Enterprise will protect a VLAN from other VLANs by firewall rules. How can we define the physical interface as a trunk port?
It is pretty simple actually: you simply create a new VLAN interface and configure it for the correct physical NIC. You can then create another VLAN interface and configure it for the same physical NIC.
Thanks Mtuma,
I will try following your guide. Have you configured McAfee Firewall for this case?
I haven't personally, but I know of customers who have.
I'm not sure whether the term VLAN Trunking has additional meaning, but certainly what Matt has described is possible.
We have one customer who needed to connect multiple DMZs to his appliance, but didn't have enough spare interfaces to be able to connect them directly. He used a VLAN-capable switch to provide the physical connectivity to his DMZ segments and then connected a single port from that switch to his Firewall appliance. On his Firewall appliance he created multiple VLAN interfaces and assigned them to this one physical interface like this:
From here he was able to create rules allowing access to/from each of these subnets. But, as you can see, each of these VLAN entries is associated with a single physical interface (em6).
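The mechanism the thread describes, several VLAN interfaces bound to one physical NIC with rules controlling traffic between them, can be illustrated by showing what the firewall actually sees on that trunk port: each frame carries an 802.1Q tag, and the 12-bit VLAN ID in that tag decides which VLAN interface (and therefore which zone) the frame belongs to. The following is an added example written for this page, not McAfee code or any McAfee configuration syntax. It parses constructed 802.1Q frames, maps the VLAN ID to a hypothetical zone, and applies a constructed inter-zone rule table. The VLAN IDs (10, 20, 30), the subnets, the zone names and the single physical interface `em6` are all assumptions chosen to mirror the scenario in the thread.

```python
import ipaddress
import struct

TPID_8021Q = 0x8100   # EtherType value that marks an 802.1Q tag
ETH_IPV4 = 0x0800

# Hypothetical VLAN interfaces, all bound to one physical NIC ("em6"), as in the thread.
# Values are (zone name, subnet reachable through that VLAN interface); all constructed.
PHYSICAL_NIC = "em6"
VLAN_ZONES = {
    10: ("dmz_web", "10.10.0.0/24"),
    20: ("dmz_mail", "10.20.0.0/24"),
    30: ("internal", "10.30.0.0/24"),
}

# Constructed policy: only these (ingress zone, egress zone) pairs are permitted.
ALLOW = {("internal", "dmz_web"), ("internal", "dmz_mail")}


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into MACs, optional 802.1Q tag fields and payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid = pcp = None
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI: 3 bits priority (PCP), 1 bit DEI, 12 bits VLAN ID
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        pcp, vid = tci >> 13, tci & 0x0FFF
        offset = 18
    return {"dst": dst, "src": src, "vid": vid, "pcp": pcp,
            "ethertype": ethertype, "payload": frame[offset:]}


def ipv4_dst(payload: bytes) -> ipaddress.IPv4Address:
    """Destination address from a minimal IPv4 header (bytes 16..19)."""
    if len(payload) < 20:
        raise ValueError("truncated IPv4 header")
    return ipaddress.IPv4Address(payload[16:20])


def zone_for_vid(vid):
    entry = VLAN_ZONES.get(vid)
    return entry[0] if entry else None


def zone_for_ip(ip):
    for name, net in VLAN_ZONES.values():
        if ip in ipaddress.ip_network(net):
            return name
    return None


def decide(frame: bytes) -> str:
    """Ingress zone comes from the VLAN tag, egress zone from the destination subnet."""
    parsed = parse_frame(frame)
    if parsed["vid"] is None:
        return f"DROP: untagged frame on trunk {PHYSICAL_NIC}"
    ingress = zone_for_vid(parsed["vid"])
    if ingress is None:
        return f"DROP: unknown VLAN {parsed['vid']}"
    if parsed["ethertype"] != ETH_IPV4:
        return f"DROP: non-IPv4 ethertype 0x{parsed['ethertype']:04x}"
    egress = zone_for_ip(ipv4_dst(parsed["payload"]))
    if egress is None:
        return "DROP: no route to destination"
    if ingress == egress or (ingress, egress) in ALLOW:
        return f"PASS: {ingress} -> {egress}"
    return f"DROP: {ingress} -> {egress} not permitted"


def build_frame(vid, src_ip: str, dst_ip: str, pcp: int = 0) -> bytes:
    """Constructed sample frame: Ethernet (+ 802.1Q tag if vid is set) + minimal IPv4 header."""
    dst_mac = bytes.fromhex("020000000001")
    src_mac = bytes.fromhex("020000000002")
    ip_hdr = (bytes([0x45, 0]) + struct.pack("!HHHBBH", 20, 0, 0, 64, 1, 0)
              + ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed)
    if vid is None:
        return dst_mac + src_mac + struct.pack("!H", ETH_IPV4) + ip_hdr
    tci = (pcp << 13) | (vid & 0x0FFF)
    return dst_mac + src_mac + struct.pack("!HHH", TPID_8021Q, tci, ETH_IPV4) + ip_hdr


if __name__ == "__main__":
    for vid, s, d in [(30, "10.30.0.5", "10.10.0.8"), (10, "10.10.0.8", "10.20.0.3"),
                      (99, "10.99.0.1", "10.10.0.8"), (None, "10.30.0.5", "10.10.0.8")]:
        print(vid, decide(build_frame(vid, s, d)))
```

The point the example makes is the one Phil and Matt describe: the appliance does not need a separate physical port per segment, because the tag on each frame tells it which VLAN interface the traffic belongs to, and the rule table then decides whether traffic may cross from one VLAN to another. Frames that arrive untagged or with a VLAN ID that has no interface configured do not match any zone and are dropped rather than guessed.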