When the pod is started for the first time/without any firewall configuration, a default configuration will be generated. This configuration will contain the basic network parameters that could be identified from the environment during start-up. This include IPs and networks/routes on the Ethernet interfaces exposed to the pod. It also includes DNS server(s) and a default SSH remote management object to allow access to the CLI from the pod network (eth0) with default access credentials (admin:admin). Networks/routes are added as static objects and won't automatically change if the pod is restarted. IP addresses on the interfaces are created as dynamic address objects that will change at every start-up.
For each Ethernet interface a number of IP address objects will be created in the default configuration. These IP address objects will be assigned values run-time. The names of the address objects will be based on the interface name (in the pod specification/environment). This name will be used as a prefix and the following address objects will be created:
<prefix>_cni_ip
Contains all IP addresses assigned to the interface if the firewall is not part of an HA cluster, otherwise it contains no IP addresses. Will be set as the IPAddress property on the EthernetInterface.
<prefix>_cni_priv0
Contains the first IPv4 address and the first IPv6 address assigned to the interface if the firewall is the master node of an HA cluster, otherwise no IP addresses. Will be set as the PrivateIP.0 property on the EthernetInterface.
<prefix>_cni_priv1
Contains the first IPv4 address and the first IPv6 address assigned to the interface if the firewall is the slave node of an HA cluster, otherwise no IP addresses. Will be set as the PrivateIP.1 property on the EthernetInterface.
<prefix>_cni_br
The broadcast address, will be set as the IP4Broadcast property on the EthernetInterface.
<prefix>_cni_ip4_<#>
eth0_cni_ip4_1, eth0_cni_ip4_2 etc. for as many IPv4 addresses that are assigned to the interface. These are not used anywhere in the default configuration but provides flexibility to the admin if multiple addresses are assigned with different purposes.
<prefix>_cni_ip6_<#>
Same as above but for IPv6 addresses.
There is no point in assigning IPs to these address objects, since they will always use the dynamically assigned value, so for instance if a different address than what eth0_cni_ip contains should be used as IP address on eth0 then change the IPAddress property on the EthernetInterface object instead of trying to change the value of eth0_cni_ip.