Deep Security 10.2 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Configure teamed NICs
"Teamed NICs" or "link aggregation" describes forming a network link on a computer by using multiple network interface cards (NICs) together. This is useful to increase the total network bandwidth, or to provide link redundancy.
You can configure teamed NICs on Windows or Solaris so that they are compatible with Deep Security Agent.
Windows
On Windows, when you team NICs, it creates a new master virtual interface. This virtual interface adopts the MAC address of its first teamed physical interface.
By default, during installation or upgrade, the Windows Agent will bind to all virtual and physical interfaces. This includes the virtual interface created by NIC teaming. However, Deep Security Agent doesn't function properly if multiple interfaces have the same MAC address, which happens with NIC teaming on Windows
To avoid that, bind the agent only to the teamed virtual interface — not the physical interfaces.
Solaris
IPMP failover (active-standby) mode in Solaris allows two NICs to have the same hardware (MAC) address. Since the Deep Security Agent identifies network adapters by their MAC address, such duplication prevents the agent from functioning properly.
To avoid that, manually assign a unique MAC address to each network adapter.
For example, you could use ifconfig to view the current MAC addresses:
# ifconfig -a
hme0: flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.20.30.40 netmask 0
ether 8:0:20:f7:c3:f
hme1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
inet 0.0.0.0 netmask 0
ether 8:0:20:f7:c3:f
The "ether" line displays the adapter's MAC address. If any interfaces have the same MAC addresses, and are connected to the same subnet, you must manually set new unique MAC addresses:
# ifconfig <interface> ether <new MAC address>
Although the chance of a MAC address conflict is extremely small, you should verify that there isn't one by using the snoop command to search for the MAC address, then use the ping command to test connectivity to the subnet's broadcast address.