Print Download PDF Send Feedback

Previous

Next

Preparing the Security Gateway

Step

Description

1

Select a designated physical interface for Mirror and Decrypt on the Security Gateway, or each cluster member.

Important - On cluster members, you must select an interface with the same name (for example, eth3 on each cluster member).

2

Configure a dummy IP address on this designated physical interface.

Important - This IP address cannot collide with other IP addresses used in your environment. This IP address cannot belong to subnets used in your environment. Make sure to configure the correct subnet mask. After you enable traffic mirroring on this interface in SmartConsole, all other traffic that is routed to this interface is dropped.

For instructions about configuring an IP address on a physical interface, see R80.20 Gaia Administration Guide - Chapter Network Management - Section Network Interfaces - Section Physical Interfaces.

3

Configure the required Maximum Transmission Unit (MTU) on this designated physical interface.

MTU has to be the default 1500, or at least the maximal MTU value from other interfaces on the Security Gateway.

For instructions about configuring an MTU on a physical interface, see R80.20 Gaia Administration Guide - Chapter Network Management - Section Network Interfaces - Section Physical Interfaces.

4

Important: On cluster members, you must configure this designated physical interface in the $FWDIR/conf/discntd.if file on each Cluster Member:

  1. Connect to the command line.
  2. Log in to the Expert mode.
  3. Create the $FWDIR/conf/discntd.if file:

    # touch $FWDIR/conf/discntd.if

  4. Edit the $FWDIR/conf/discntd.if file in the Vi editor:

    # vi $FWDIR/conf/discntd.if

  5. Write the name of the designated physical interface. After the interface name, you must press Enter.

    Note - Comments are not allowed in this file.

  6. Save the changes in the file and exit the Vi editor.

Note - To apply the configuration from the file and make it persistent, install an Access Control Policy on the cluster object. You install the Access Control Policy later, after the required configuration steps in the SmartConsole.