All you need to know about networking in Checkpoint firewall SecurePlatform FAQ


Q. How do I see the available interfaces, their error counters and IP addresses?

Q. How do I see the routing table of the firewall?

Q. How do I see the duplex, speed and physical link status of an interface?

Q. How do I manually set the duplex, speed and autonegotiation settings of an interface?

Q. How do I save changes to the interface duplex, speed or autonegotiation permanently?

Q. How do I add, delete or change routes?

Q. How do I delete or change the IP address on an interface?

Q. How do I add, change or delete a VLAN?

Q. How do I see existing VLANs?

Q. Can I combine several interfaces into one logical interface?

Q. How do I shut and unshut an interface?

Q. How do I see the available interfaces, their error counters and IP addresses?

A. # ifconfig

Q. How do I see the routing table of the firewall?

A. # route -en

    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    19.247.195.20   0.0.0.0         255.255.255.252 U         0 0          0 External
    10.123.123.0    0.0.0.0         255.255.255.224 U         0 0          0 Lan1

Legend:
Gateway - the gateway through which this network is reachable; 0.0.0.0 means the network is configured locally on the interface
Iface - the name of the interface through which this network is reachable

Q. How do I see the duplex, speed and physical link status of an interface?

A. # ethtool <interface>
e.g. # ethtool External

Settings for External:  
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Supports auto-negotiation: Yes
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Port: MII
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        Supports Wake-on: g
        Wake-on: g
        Current message level: 0x00000007 (7)
        Link detected: yes
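
An added example (not part of the original FAQ): a shell function that condenses the ethtool output above into one line and flags a down link, half duplex, or disabled autonegotiation. The function names and the sample input are constructed for illustration.

```shell
# Added example: summarise `ethtool <interface>` output read from stdin.
# parse_ethtool prints one line: speed, duplex, autoneg, link and a status of
#   OK, WARN:link-down, WARN:half-duplex or WARN:autoneg-off (peer port must be forced to match).
parse_ethtool() {
    awk -F': *' '
        {
            sub(/^[ \t]+/, "", $1)        # field names are indented in ethtool output
            sub(/[ \t\r]+$/, "", $2)      # drop trailing whitespace from the value
        }
        $1 == "Speed"            { speed = $2 }
        $1 == "Duplex"           { duplex = $2 }
        $1 == "Auto-negotiation" { autoneg = $2 }
        $1 == "Link detected"    { link = $2 }
        END {
            status = "OK"
            if (link != "yes")         status = "WARN:link-down"
            else if (duplex == "Half") status = "WARN:half-duplex"
            else if (autoneg == "off") status = "WARN:autoneg-off"
            printf "speed=%s duplex=%s autoneg=%s link=%s status=%s\n",
                   speed, duplex, autoneg, link, status
        }'
}

# Constructed sample input, mirroring the `ethtool External` output shown above.
sample_ethtool_output() {
    cat <<'EOF'
Settings for External:
        Supports auto-negotiation: Yes
        Advertised auto-negotiation: Yes
        Speed: 100Mb/s
        Duplex: Full
        Auto-negotiation: on
        Link detected: yes
EOF
}

# audit_interfaces: check live interfaces, e.g. audit_interfaces External Lan1
audit_interfaces() {
    for ifc in "$@"; do
        printf '%s: ' "$ifc"
        ethtool "$ifc" 2>/dev/null | parse_ethtool
    done
}

# Demo on the constructed sample (works without ethtool installed).
sample_ethtool_output | parse_ethtool
```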

Q. How do I manually set the duplex, speed and autonegotiation settings of an interface?

A. # ethtool -s <interface> speed 100
# ethtool -s <interface> duplex full
# ethtool -s <interface> autoneg off
IMPORTANT: the changes above stay active only until the firewall is rebooted; to set them permanently, see below.

Q. How do I save changes to the interface duplex, speed or autonegotiation permanently?

A. # eth_set <interface> [10h|10f|100h|100f|1000h|1000f|autoneg]
e.g. # eth_set Lan1 100f

Q. How do I add, delete or change routes?

A. Use the # sysconfig utility and its interactive menu (option 6).

Q. How do I delete or change the IP address on an interface?

A. # sysconfig, then option 5.

Q. How do I add, change or delete a VLAN?

A. # sysconfig, then option 5.

Q. How do I see existing VLANs?

A. Either via # sysconfig, then option 5, or via ifconfig. VLAN interfaces have names of the form <interface>.<VLAN ID>.
e.g. # ifconfig
eth7.301 Link encap:Ethernet HWaddr 00:1B:4A:CF:26:71

Q. Can I combine several interfaces into one logical interface?

A. Yes, such an interface is called a Bond. Note that of all the interfaces added to the Bond interface, only one will be active and passing traffic; the rest will be in standby mode in case the active interface fails. NOTE 2: In new versions it is possible to have a bond in Load Sharing mode.

Q. How do I shut and unshut an interface?

A. # ifconfig <interface> down
# ifconfig <interface> up