Cajuntank
Contributor III
April 30, 2026
Question

Multiple interface feature...thoughts?


I have a firewall with a few VLANs and physical interfaces, on which I have turned on the Multiple interface feature and am creating those subsequent policies. I am working through some oddities (or maybe I just have not dug deep enough into it) where it seems to be choosing a “catch-all” at the bottom of my list before it processes the policy above it that’s specific to the traffic. Like I said, I am still digging into this. I just wanted to get some feedback on how or if people like this feature, caveats I might want to watch for, etc. Thanks.

2 replies

AEK
SuperUser
April 30, 2026

I always prefer to avoid it. I find one-interface-to-one-interface rules give better visibility and control, and fewer human errors.

AEK
Cajuntank (Author)
Contributor III
May 3, 2026

Yeah, I was taking a foray into it. It seemed like a good idea at the time, but then I felt the “loss of control”...LOL. I ended up not liking it after having to chase down weirdness it created for me, so I reverted back to my 1:1. Thanks for your opinion.

Toshi_Esumi
SuperUser
April 30, 2026

Not sure what you’re referring to as “Multiple Interface feature”. But if that’s what I’m thinking (one policy for 1:n or n:n interface combinations), that feature is always on without needing to be enabled.
In case many interfaces exist for the same policies, like IPsec interfaces, you should bundle them in a zone. And if you can’t bundle those interfaces because the types/functions of those logical interfaces are different and have to be connected to different sets of destination interfaces, that’s more likely network topology design/modeling problems causing over-complication at the GW/FW.

Since no details, just a general comment.

Toshi

Cajuntank (Author)
Contributor III
May 3, 2026

This is the Multiple Interface Policies feature. I’m still on 7.4.11 and it was not on by default. This might be different for newer revs… not sure. I thought I’d take a shot to see if I like it or not and get some opinions on it. I guess I’m more old school in that thought and it just was not for me. Thanks.