Network Interface Card (NIC) Settings

By default, each interface is set to automatically negotiate the link speed. In the Advanced settings for an interface, you can set the interface speed, maximum packet size (MTU), and enable an override MAC address.

A VLAN or Bridge network takes the lowest available MTU value from their assigned network interfaces. For more information, go to the knowledge base article VLAN or Bridge networks take the lowest available MTU value.

Some models have limitations on the NIC settings supported for some interfaces:

  • For Firebox M590 and M690 models, interfaces 8 and 9 support only 10 Gbps full duplex (FD).

For a Firebox to receive jumbo frames (Ethernet frames larger than 1500 bytes), you must first increase the interface MTU to the frame size you want the interface to accept. The maximum configurable MTU size is 9000 bytes.

Configure NIC Settings

By default, the Link Speed is set to Auto Negotiate. We recommend that you do not change this setting unless instructed to do so by Technical Support. If you set the link speed manually and other devices on your network do not support the speed you select, this can cause a conflict that can cause your Firebox interface not to reconnect after a failover.

  1. Select Network > Interfaces.
  2. Select the interface you want to configure. Click Edit.
  3. Select the Advanced tab.

Interface Advanced settings for NIC, Link Speed, MTU, and MAC Address Override

  1. In the Link Speed drop-down list, select Auto Negotiate if you want the Firebox to select the best network speed. You can also select one of the half duplex or full duplex speeds that you know is compatible with your other network equipment.
  2. In the MTU text box, specify the maximum packet size, in bytes, that can be sent through the interface. We recommend that you use the default, 1500 bytes, unless your network equipment requires a different packet size.
    You can set the MTU from a minimum of 68 to a maximum of 9000.
  3. To change the MAC address of the external interface, select the Override MAC Address check box and type the new MAC address.
  1. Select Network > Configuration.
  2. Click the interface you want to configure, and then click Configure.
  3. Select the Advanced tab.

Interface Advanced settings for NIC, Link Speed, MTU, and MAC Address Override

  1. In the Link Speed drop-down list, select Auto Negotiate if you want the Firebox to select the best network speed. You can also select one of the half-duplex or full-duplex speeds that you know is compatible with your other network equipment.
  2. In the Maximum Transmission Unit (MTU) text box, specify the maximum packet size, in bytes, that can be sent through the interface. We recommend that you use the default, 1500 bytes, unless your network equipment requires a different packet size.
    You can set the MTU from a minimum of 68 to a maximum of 9000.
  3. To change the MAC address of the external interface, select the Override MAC Address check box and type the new MAC address.

You can see the negotiated link speed in the Status Report tab in Firebox System Manager.

You can see the negotiated link speed in the Interfaces dashboard in Fireware Web UI.

About MAC Addresses

Some ISPs use a MAC address to identify the computers on their network. Each MAC address gets one static IP address. If your ISP uses this method to identify your computer, then you must change the MAC address of the Firebox external interface. Use the MAC address of the cable modem, DSL modem, or router that connected directly to the ISP in your original configuration.

The MAC address must have these properties:

  • The MAC address must use 12 hexadecimal characters. Hexadecimal characters have a value between 0 and 9 or between “a” and “f.”
  • The MAC address must operate with:
    • One or more addresses on the external network.
    • The MAC address of the trusted network for the device.
    • The MAC address of the optional network for the device.
  • The MAC address must not be set to 000000000000 or ffffffffffff.

If the Override MAC Address check box is not selected when the Firebox is restarted, the device uses the default MAC address for the external network.

To avoid problems with MAC addresses, the Firebox makes sure that the MAC address you assign to the external interface is unique on your network. If the Firebox detects another device that uses the same MAC address, the Firebox changes back to the standard MAC address for the external interface and starts again.

MAC address override is not supported for FireCluster.