Mismatched port configuration in hardware

Started by nitish.patel, September 20, 2023, 02:20:20 PM

There are two similar hardware firewalls from a local vendor with similar configurations. When I install the nano image on both of them, on one hardware device physical port no. 5 is taken as igb0, and on the other hardware device physical port no. 6 is taken as igb0. How do I harden this?

Cheers,
Nitish

What do you mean by harden? I forget the exact method FreeBSD uses to determine the order, but it's probable that the boards are wired slightly differently regarding chipsets and switches.

The underlying name of the interface doesn't really matter. You can set any of them to WAN, LAN, etc. during the install or afterwards via the interface assignment screen.

By harden I mean that once assigned, the interface should not change, because the firewall policies/rules are made based on the physical ports and their names (igb0, igb1, etc.). So if I have made a policy for igb0 and on the next reboot it gets assigned to physical port number 5 instead of physical port number 6, it will actually hamper the entire set of security policies implemented. Both hardware devices have the same chipset, RAM, hard disk, compact flash card, etc., so ideally the same port names should be assigned to the physical ports of the hardware, as on a physical firewall.

Cheers,
Nitish

The interfaces won't change on reboot. They only change if the hardware changes. For example, I swapped out a 1G NIC for a 2.5G NIC, which caused my em devices to change due to the removal of the em NIC and its replacement with igb. But that doesn't happen otherwise.

If you're wanting to export a config from one box and import it into another with the exact same hardware, that should work.  But it sounds like you're not dealing with the exact same hardware so I'm not sure why you would expect the OS to see different hardware as the same.
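Added example (not from any poster in this thread): before exporting a config from one box and importing it on the other, you can check whether the two boards really present the same NIC at the same PCI location. The script parses the text of FreeBSD's `pciconf -l` from each box, maps each network-class device's PCI selector (`pci0:bus:slot:func`) to the driver name it received (igb0, igb1, ...), and reports selectors where the names differ. The `pciconf -l` lines below are constructed sample data standing in for the two firewalls in the question; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not the project's code. Compare which PCI location each
# FreeBSD network device name landed on across two boxes.
#
# Input is the output of `pciconf -l`, one device per line, e.g.
#   igb0@pci0:1:0:0:  class=0x020000 card=... chip=0x15338086 rev=0x03 hdr=0x00
# Only the "name@selector:" prefix and the class field are used.

# nic_map: read pciconf -l text on stdin, print "selector name" for every
# network-class device (class=0x02xxxx), sorted by PCI selector.
nic_map() {
    awk '
        /class=0x02/ {
            split($1, parts, "@")     # parts[1] = igb0, parts[2] = pci0:1:0:0:
            sel = parts[2]
            sub(/:$/, "", sel)        # drop the trailing colon
            print sel, parts[1]
        }' | sort
}

# compare_maps A_TEXT B_TEXT: print one line per PCI selector whose device
# name differs between the two boxes (or exists on only one of them).
compare_maps() {
    {
        printf '%s\n' "$1" | nic_map | sed 's/^/A /'
        printf '%s\n' "$2" | nic_map | sed 's/^/B /'
    } | awk '
        $1 == "A" { a[$2] = $3; next }
        {
            if (!($2 in a))        print $2 ": only on B, as " $3
            else if (a[$2] != $3)  print $2 ": A has " a[$2] ", B has " $3
            delete a[$2]
        }
        END { for (s in a) print s ": only on A, as " a[s] }'
}

# count_mismatches A_TEXT B_TEXT: number of differing selectors (0 = same wiring).
count_mismatches() {
    compare_maps "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample data: two boxes with three Intel I210-class NICs each.
# On box B the first two ports received swapped names.
BOX_A='hostb0@pci0:0:0:0:  class=0x060000 card=0x00000000 chip=0x5af08086 rev=0x0b hdr=0x00
igb0@pci0:1:0:0:  class=0x020000 card=0x00008086 chip=0x15338086 rev=0x03 hdr=0x00
igb1@pci0:2:0:0:  class=0x020000 card=0x00008086 chip=0x15338086 rev=0x03 hdr=0x00
igb2@pci0:3:0:0:  class=0x020000 card=0x00008086 chip=0x15338086 rev=0x03 hdr=0x00'

BOX_B='hostb0@pci0:0:0:0:  class=0x060000 card=0x00000000 chip=0x5af08086 rev=0x0b hdr=0x00
igb1@pci0:1:0:0:  class=0x020000 card=0x00008086 chip=0x15338086 rev=0x03 hdr=0x00
igb0@pci0:2:0:0:  class=0x020000 card=0x00008086 chip=0x15338086 rev=0x03 hdr=0x00
igb2@pci0:3:0:0:  class=0x020000 card=0x00008086 chip=0x15338086 rev=0x03 hdr=0x00'

# Usage: on real hardware, capture `pciconf -l` on each box and pass the text.
compare_maps "$BOX_A" "$BOX_B"
```

If the report is empty, both boards enumerate their NICs identically and an exported config will land on the same physical ports; any line in the report is a physical port whose igbN name differs, so that assignment must be redone on the second box after import. Pairing each selector with the port's MAC address (`ifconfig igbN | grep ether`) gives a second handle for labelling the ports on the outside of the chassis.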

It is the very same hardware for both devices; however, the console port is not functioning. Could that be the reason?

I doubt it as that wouldn't be using a NIC driver.

Some Linux distros have moved to using slot location and connection for naming their devices. You could try one of those and see what they report for the various NICs.

I'm assuming this is something like a Qotom or Protectli where these are built-in NICs and not add-on cards. Have you considered just labeling the NICs on the outside so that you use that instead of the port order to plug them in? That way you'll have the same setup even if the cables are in a different port order.