All you need to know about networking in Checkpoint firewall SecurePlatform

All you need to know about networking in Checkpoint firewall SecurePlatform FAQ

A. # ifconfig

A. # route -en

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
19.247.195.20   0.0.0.0         255.255.255.252 U         0 0          0 External
10.123.123.0    0.0.0.0         255.255.255.224 U         0 0          0 Lan1

Legend:
Gateway – via which gateway this network is available, 0.0.0.0 means this network is configured locally on the interface
Iface – name of the interface via which this network is reachable

A. # ethtool <name of the interface you want to check, names are case-sensitive>
e.g. # ethtool External
Settings for External:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: MII
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: g
Current message level: 0×00000007 (7)
Link detected: yes

A. # ethtool -s <name of interface> speed 100
ethtool -s <name of interface> duplex full
ethtool -s <name of interface> autoneg off
IMPORTANT: the changes above will be active until reboot of the firewall, to set them
permanently see below.

A. # eth_set <interface> [10h|10f|100h|100f|1000h|1000f|autoneg]
e.g # eth_set Lan1 100f

A. Using #sysconfig utility and its interactive menu (option 6) .

A. # sysconfig then option 5 .

A. # sysconfig , then option 5 .

A Either via #sysconfig , then option 5 or ifconfig, VLAN interfaces will have format of <physical interface name>.<vlan number> .
e.g. # ifconfig
eth7.301 Link encap:Ethernet HWaddr 00:1B:4A:CF:26:71

A. Yes , such interface is called Bond. Note that out of all interfaces added to the Bond interface, only one will be active and passing the traffic, the rest will be in standby mode in case active interface fails.
NOTE 2 In new versions it is possible to have bond in Load Sharing mode.

A. #ifconfig <interface name > down
# ifconfig <interface name > up

This entry was posted in CheckPoint. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s