Checkpoint Secure Platform Tip on Open Servers

When installing Checkpoint SecurePlatform (SPLAT) on an open server with several interfaces, it can be hard to locate the interface number to match the network card. This can also be difficult if you have added a NIC or removed one. Many administrators run into this issue, where they think the interface names and numbers are the same as the old configuration after they do a re-install or full upgrade on the same box. However, after a lot of troubleshooting, they realize SPLAT has re-ordered the interfaces and now they do not match your old config.

To avoid this trap, there are a few ways to deal with this. One way is to watch the console of the box while you pull and plug cables in. After pulling cables from the NICs, the console will indicate that eth1 has been unplugged or eth2 has been unplugged. This is one way to track the interface numbers to NICs but isn’t optimal since it requires you to cause a network outage.

Another easier way to do this is by using the handy ethtool command, native to SPLAT. In expert mode, you can run the following command:

ethtool –p nickname

For example: ethtool –p eth1

Once this command is entered, it will cause an interface to blink – this will be the correct NIC. In our example, the interface that is blinking will be eth1. This can be repeated for all the NICs starting at eth0. Most broadcom NICs will blink many times and stop automatically while Intel NICs will blink constantly until the command is stopped. This trick works well on quad cards and can also be used when your are adding or removing NICs.

Mike A.

Did you find this tip useful? Do you have a tip that you think people should know about? Please leave your thoughts in the comments section below.