Configuring a Unique MAC Identifier (asg_unique_mac_utility)

Background

When there are more than one Security GroupClosed A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. on a Layer 2 segment, the Unique MAC Identifier must be different for each Security Group.

The Unique MAC Identifier is assigned by default during the initial setup.

The last octet of the management interface MAC address is the Unique MAC Identifier.

The last octet of the management interface MAC address is set for these data interface types:

  • Interfaces with names in the "ethX-YZ" format

  • Bond interfaces

  • VSX wrp interfaces

  • VLAN interfaces

If there is no configured management interface, the Unique MAC Identifier is assigned the default value 254.

Use the "asg_unique_mac_utility" command in Gaia gClishClosed The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group. or the Expert mode to set:

  • Data interface Unique MAC Identifier

  • Host name

Configuring the Unique MAC Identifier Manually

Step

Instructions

1

Connect to the command line on the Security Group.

2

Run this command in Gaia gClish or the Expert mode:

asg_unique_mac_utility

3

Select an option from the menu and follow the instructions on the screen.

Example:

-----------------------------------------------
| Unique MAC Utility                          |
-----------------------------------------------
| HOSTNAME [MySecurityGroup]                  |
| Unique MAC [192]                            |
-----------------------------------------------
 
Choose one of the following options:
------------------------------------
1) Set Hostname with Unique MAC wizard
2) Apply Unique MAC from current HOSTNAME
3) Manual set Unique MAC
4) Exit

4

Reboot the Security Group to apply the new Unique MAC Identifier:

reboot -b all

Options of the Unique MAC Identifier Utility

The options for setting the Unique MAC Identifier are: