Adding another NIC totally breaks XG Firewall and all dependent rules

Hi.  I have been running XG firewall with 2 NICs - LAN and WAN.  I decided to add another for DMZ and it totally breaks the firewall.  All NICs get reassigned.  Port 1 LAN becomes DMZ, Port 2 WAN becomes LAN, and the newly added Port 2 becomes LAN instead of the unassigned DMZ.  This is crazy.  It wouldn't be so bad if it didn't break all of my rules that depend on Port 2 being WAN, which means when I reassign the new Port 3 to WAN the interface name changes and all business rules that depended on Port2_GW_DHCP get abandoned since this interface no longer exists.

Is this expected?  Is there a simple way to rename ports and reassign them to their old name, role, and position?  This seems like a major bug.



  • It seems as though this strategy may work until you reach 5 NICs. When I add a Network Adapter from VMware, it seems to assign them in this order:

    1. /sys/devices/pci0000:00/0000:00:15.0
    2. /sys/devices/pci0000:00/0000:00:16.0
    3. /sys/devices/pci0000:00/0000:00:17.0
    4. /sys/devices/pci0000:00/0000:00:18.0
    5. /sys/devices/pci0000:00/0000:00:15.1

    However, the XG Firewall seems to use this order:

    1. /sys/devices/pci0000:00/0000:00:15.0
    2. /sys/devices/pci0000:00/0000:00:15.1
    3. /sys/devices/pci0000:00/0000:00:16.0
    4. /sys/devices/pci0000:00/0000:00:17.0
    5. /sys/devices/pci0000:00/0000:00:18.0

    I've even attempted to add Network Adapters one by one, stopping the VM between each addition. Nothing seems to work. Any ideas?
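
The renumbering described in the reply above, as an added example that is not part of the original thread: it assumes, as the poster observed, that the firewall numbers ports by ascending PCI address, and reports which port names (and the zones bound to them) end up on a different adapter once VMware's fifth adapter lands at 00:15.1. The `Port<n>` names and the zone bindings are constructed for illustration.

```python
import re

# Trailing PCI address of a sysfs path: domain:bus:device.function (hex fields).
PCI_RE = re.compile(r"([0-9a-f]{4}):([0-9a-f]{2}):([0-9a-f]{2})\.([0-7])$")

# Order in which VMware attached the adapters, copied from the post above.
VMWARE_ADD_ORDER = [
    "/sys/devices/pci0000:00/0000:00:15.0",
    "/sys/devices/pci0000:00/0000:00:16.0",
    "/sys/devices/pci0000:00/0000:00:17.0",
    "/sys/devices/pci0000:00/0000:00:18.0",
    "/sys/devices/pci0000:00/0000:00:15.1",
]
BEFORE, AFTER = VMWARE_ADD_ORDER[:4], VMWARE_ADD_ORDER

# Constructed zone bindings (port name -> zone), not taken from the thread.
ZONES = {"Port1": "LAN", "Port2": "WAN", "Port3": "DMZ", "Port4": "GUEST"}

def pci_key(path):
    """Sort key: (domain, bus, device, function) as integers."""
    m = PCI_RE.search(path.strip().lower())
    if m is None:
        raise ValueError(f"no PCI address at end of {path!r}")
    return tuple(int(field, 16) for field in m.groups())

def port_map(paths):
    """Assumption: ports are numbered Port1..PortN by ascending PCI address."""
    return {p: f"Port{i}" for i, p in enumerate(sorted(paths, key=pci_key), 1)}

def renumbered(before, after):
    """Adapters present in both sets whose port name changed: path -> (old, new)."""
    old, new = port_map(before), port_map(after)
    return {p: (old[p], new[p]) for p in before if p in new and old[p] != new[p]}

def zone_drift(before, after, zones):
    """Zones whose port name now sits on another adapter: zone -> (old, new)."""
    old = {port: path for path, port in port_map(before).items()}
    new = {port: path for path, port in port_map(after).items()}
    return {zone: (old.get(port), new.get(port))
            for port, zone in zones.items() if old.get(port) != new.get(port)}

if __name__ == "__main__":
    for path, (was, now) in renumbered(BEFORE, AFTER).items():
        print(f"{path}: {was} -> {now}")
    for zone, (was, now) in zone_drift(BEFORE, AFTER, ZONES).items():
        print(f"{zone}: rules now apply to {now} instead of {was}")
```

Running the same comparison before and after a hardware change shows which zone bindings need to be re-checked before the firewall is put back into service.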
