I have noticed that with the R81.20 installer during the text GUI install on a Dell R740, The interface order is numbered as I would have expected compared to older hardware. After the server is installed and then latest HFA is installed on it (Jumbo 90), The interface order is different. Some of the interfaces skip between interfaces on the same 4 port card. I am unsure if it changed after the install completed and it reboot or after the HFA 90 update (I would think after HFA 90, but either could be problematic. This happened on both gateways that will be part of a cluster so it isn't a one off thing. Both had the same behavior. No updates to the BIOS or anything firmware wise during this time frame.
The goal is to make sure that CPUSE upgrades remotely (HFA, Major version, etc) do not cause interface changes that could break things. At least knowing what the limitations are for each method as far as interfaces changing order.
This is how they were detected during the text installation wizard from the CDinstaller for R81.20...
0 1 2 3 7 6 5 4 11 10 9 8
This is how they are now after the install and Jumbo 90 is installed...
0 1 4 5 3 2 11 10 9 8 7 6
This is all before policy, SIC, etc. Just installing to get it ready.
I can either leave them as they are after the install with J90 in mixed up order or I can change them to what they were in the installer using sk69621 (/etc/udev/rules.d/00-OS-XX.rules file). The fact that they already changed and the note below from sk69621 mentioning that they can still change after an upgrade has me concerned that there is no solution to make sure they are consistent for upgrades of any kind.
This in mentioned in sk69621:
"The rule is not persistent after upgrade or SecurePlatform Hotfix - need to apply the procedure again"
What is not clear is do they consider an HFA upgrade and major version upgrade the same for this behavior. I would have expected the .rules file to be retained so that there are no surprises (especially for remote work).
I have never experienced this before with the Checkpoint firewalls so this behavior is new to me since i have been using it for many many years now on OpenPlatform. I never worried that interfaces would change on an upgrade. It sounds like every upgrade, on open platform at a minimum, that it is possible for interface names to change.
With all of that said, I guess the questions are...
1. Is this expected behavior that this can happen for the installer to not match the interface order after it is installed and patched using CPUSE?
2. Is this expected behavior that this can happen for HFA upgrades using CPUSE?
3. Is this expected behavior that this can happen for major version upgrades using CPUSE?
4. If any of these answers are yes, is there a setting to make the .rules file persistent during upgrades or some other mechanism to make sure they don't change?
