When configuring network interfaces for the first time, the mapping of the interface names to their MAC addresses and the order of the interface names (e.g., eth0, eth1, eth2...) are assigned automatically by the system. On virtual systems, you can increase the number of network interfaces up to the maximum number supported by your hypervisor. Note that adding additional interfaces on some hypervisors may reorder the interface name assignment. Use MAC to interface mapping to resolve this issue. For more information, see How to Configure MAC to Interface Mapping.
Before You Begin
Find out which network driver is needed for your network adapter/interface.
(optional) Step 1. Add Additional Network Interfaces to Your Firewall
- Shut down your firewall.
- Add the new network interface to the hypervisor.
- Power up your firewall.
Step 2. Configure Network Interface(s)
- Go to CONFIGURATION > Configuration Tree > Box > Network .
- In the left menu, click Interfaces.
- Click Lock.
- In the Network Interface Cards table section:
- To add an interface card, click +. For more information on the NIC settings, go to the Interface Settings section.
- To change the number of active interface ports on your current interface card, click edit and make your changes. For more information on the NIC settings, go to the Interface Settings section.
- If settings in the Physical Interfaces table are not updated dynamically, select no from the Interface Computation list. In this case, you must manually update the settings. For more information on the physical interface settings, see the following Interface Settings section.
- Click Send Changes and Activate.
Step 3. Activate The Network Configuration
You must activate the network changes to add the network devices.
- Go to CONTROL > Box.
- In the left menu, expand the Network section and click Activate new network configuration.
Select Failsafe. The 'Failsafe Activation Succeeded' message is displayed after your new network configurations have been successfully activated.
(optional) Step 4. Remap MAC Addresses to Interface Names
After adding additional network interfaces to a firewall and configuring them (or after removing interfaces from a configuration), the mapping of the network interface names to the MAC address may differ from the order the firewall expects. In such cases, you must explicitly bind the mapping from the interface names to the corresponding MAC address. For more information, see How to Configure MAC to Interface Mapping.
The firewall can now transmit data over the new network interfaces.
Interface Parameters Description
Network Interface Cards Table
Descriptions of the settings that you can configure in the Network Interface Cards table:
|NIC Type||This information is used for logical consistency checks. In conjunction with the specified number of interfaces, it is possible to check whether a particular interface may be referenced in some of the other sections. Available NICs: Ethernet.|
Driver Module Name
The driver that is used for the NIC. See the list of supported NICs to verify that your card is supported.
If the firmware version of your firewall is 6.2, select the driver name for your network interface in the Driver Module Name list.
If you want to load a driver that is not listed, select the Other check box and enter the driver name in the Driver Module Name field that must be loaded into the the Linux kernel.
Number of Interfaces
The number of NIC interfaces that can be used simultaneously. This indicates the number of ports and not the number of cards of the particular type. For example, one dual-port NIC counts as two interfaces, but one combo-type card with support for three different connectors (for example, BNC, AUI, RJ45) counts as one because only one connection is active at one time. If you enter
This setting is used with module-based driver support. Note that several interface-specific option strings may be added to this table. They are formatted as:
with N being the number of interfaces.
(Advanced Configuration Mode) Activates an alternative NIC driver that is defined via the Fallback Module Name and Fallback Driver Options settings. This setting might be helpful during and after updating sequences. If the primary driver does not work, the fallback driver is used. If the fallback driver does not work, both drivers are loaded.
Fallback Module Name/Fallback Driver Options
(Advanced Configuration Mode) The fallback driver to be used for the NIC. Only recommended cards are listed. If you require a card that is not listed, see the list of supported NICs to verify that your card is supported.
|Enable or disable the driver.|
(Advanced Configuration Mode)
(Advanced Configuration Mode) Specifies if driver support is module-based or kernel-based. Default is Loadable_Module.
The MTU size for an Ethernet NIC. Packets exceeding this value are fragmented when sent. This MTU is used as the default value for all existing interfaces. To specify an MTU for an interface, edit its MTU setting in the Physical Interfaces table.
MTUs can also be set for virtual LANs, box network, additional networks, and standard routing. The maximum accepted MTU of the next hop is used.
Physical Interfaces Table
The MTU for the interface. This setting overrides the MTU that is entered in the Network Interface Cards table.
If nothing else has been configured, all recognized interfaces are generally available by default. Interfaces can be claimed for exclusive use by xDSL (connection type: PPPOE) and DHCP links (see How to Configure an ISP with Dynamic IP Addresses (DHCP)). When an interface has been claimed as modem interface or DHCP interface, its usage status is set to Reserved. If an interface is claimed by multiple services concurrently, its usage status is set to Overbooked.
An interface that has not been claimed by a service is flagged with none. Interfaces claimed by xDSL or DHCP links are flagged with xdsl or dhcp, respectively, followed by the link name as specified in the xDSL/DHCP configuration area when creating the link. For example, xdsl::xDSLLinkName.
|Name of NIC|
The NIC name as specified in the Network Interface Cards table.
The NIC type as specified in the Network Interface Cards table.
The driver module name as defined in the Network Interface Cards table.
If the driver module does not support static network speed and duplex mode settings, you can select no in order to manually enter these settings for Forced Speed and Duplex Mode.
|Forced Speed [Mpbs]|
The static network speed for the NIC. To manually set the forced speed, select 10, 100, or 1000 Mbps.
The static duplex mode for the NIC. To manually set the duplex mode, select half or full.