Configuring a Unique MAC Identifier (asg_unique_mac_utility)

Background

When there are more than one Security GroupClosed A logical group of Security Appliances that provides Active/Active cluster functionality. A Security Group can contain one or more Security Appliances. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway. Every Security Group contains: (A) Applicable Uplink ports, to which your production networks are connected; (B) Security Appliances (the Quantum Maestro Orchestrator determines the applicable Downlink ports automatically); (C) Applicable management port, to which the Check Point Management Server is connected. on a Layer 2 segment, the Unique MAC Identifier must be different for each Security Group.

The Unique MAC Identifier is assigned by default during the initial setup.

The last octet of the management interface MAC address is the Unique MAC Identifier.

The last octet of the management interface MAC address is set for these data interface types:

  • Interfaces with names in the "ethX-YZ" format

  • Bond interfaces

  • VSX wrp interfaces

  • VLAN interfaces

If there is no configured management interface, the Unique MAC Identifier is assigned the default value 254.

Use the "asg_unique_mac_utility" command in Gaia gClishClosed The name of the global command line shell in Check Point Gaia operating system for Security Appliances connected to Check Point Quantum Maestro Orchestrators. Commands you run in this shell apply to all Security Appliances in the Security Group. or the Expert mode to set:

  • Data interface Unique MAC Identifier

  • Host name

Configuring the Unique MAC Identifier Manually

Step

Instructions

1

Connect to the command line on the Security Group.

2

Run this command in Gaia gClish or the Expert mode:

asg_unique_mac_utility

3

Select an option from the menu and follow the instructions on the screen.

Example:

-----------------------------------------------
| Unique MAC Utility                          |
-----------------------------------------------
| HOSTNAME [MySecurityGroup]                  |
| Unique MAC [192]                            |
-----------------------------------------------
 
Choose one of the following options:
------------------------------------
1) Set Hostname with Unique MAC wizard
2) Apply Unique MAC from current HOSTNAME
3) Manual set Unique MAC
4) Exit

4

Reboot the Security Group to apply the new Unique MAC Identifier:

reboot -b all

Options of the Unique MAC Identifier Utility

The options for setting the Unique MAC Identifier are:

The "_asg" suffix and the setup number, between 1 and 254, are added to the setup name.

Example:

Setup Name

Suffix

Setup number

My_SG

_asg

22

This creates a new host name with a Unique MAC Identifier of 22.

The setup number replaces the Unique MAC Identifier default value of 254.

New Host Name

Unique MAC Identifier

My_SG_asg22

22

After reboot, all data interface MAC addresses have the new Unique MAC Identifier value 16.

Example:

eth1-01 00:1C:7F:XY:ZW:16

Note - The last octet for eth1-01, shown in bold, is 16 hex (22 decimal).

Assign a new Unique MAC Identifier to the interfaces.

The new Unique MAC Identifier is created from the setup number in the host name.

The current host name must first comply with the setup name number convention:

/asg suffix/setup

Set the Unique MAC Identifier to the default value of 254.