16

WAN Interface Settings – Using Static IP

If you are using

Static IP

you have

to fill in the IP address information

provided to you by your ISP. All fields

are required except the Secondary

DNS Server. You should probably not

use the numbers displayed in these

fields, they are only used as an

example.

•

IP Address

– The IP

address

of

the

WAN

interface.

This

is

the

address that may be used to ping the firewall, remotely control it and be used as

source address for dynamically translated connections.

•

Subnet Mask

– Size of the external network.

•

Gateway IP

– Specifies the IP address of the default gateway used to reach for

the Internet.

•

Primary and Secondary DNS Server

– The IP addresses of your DNS servers,

only the Primary DNS is required.

WAN Interface Settings – Using DHCP

If you are using

DHCP

there is no

need to enter any values in any of

fields.

WAN Interface Settings – Using PPPoE

Use the following procedure to

configure

the

DFL-200

external

interface to use PPPoE (Point-to-Point

Protocol

over

Ethernet).

This

configuration is required if your ISP

uses PPPoE to assign the IP address

of the external interface. You will have

to fill the username and password

provided to you by your ISP.

•

Username

– The login or

username supplied to you

by your ISP.

•

Password

–

The

password supplied to you by your ISP.

•

Service Name

– When using PPPoE some ISPs require you to fill in a Service

Name.

•

Primary and Secondary DNS Server

– The IP addresses of your DNS servers,

these are optional and are often provided by the PPPoE service.

18

WAN Interface Settings – Using PPTP

PPTP over Ethernet connections

are used in some DSL and cable

modem networks.

You need your account details, and

possibly

also

IP

configuration

parameters of the actual physical

interface that the PPTP tunnel runs

over. Your ISP should supply this

information.

•

Username

– The login or

username supplied to you

by your ISP.

•

Password

–

The

password supplied to you

by your ISP.

•

PPTP Server IP

– The IP

of the PPTP server that

the

DFL-200

should

connect to.

Before PPTP can be used to connect to you ISP the physical (WAN) interface parameters

need to be supplied, it’s possible to use either

DHCP

or

Static IP

, this depends on the type of

ISP used and this information should be supplied by them.

If using static IP, this information need to be filled in.

•

IP Address

– The IP address of the

WAN

interface. This IP is used to connect to

the PPTP server.

•

Subnet Mask

– Size of the external network.

•

Gateway IP

– Specifies the IP address of the default gateway used to reach for

the Internet.

WAN Interface Settings – Using BigPond

The ISP Telstra BigPond uses

BigPond for authentication; the IP is

assigned with DHCP.

•

Username

– The login or

username supplied to you

by your ISP.

•

Password

–

The

password supplied to you

by your ISP.

MTU Configuration

To improve the performance of your Internet connection, you can adjust the maximum

transmission unit (MTU) of the packets that the DFL-200 transmits from its external interface.

Ideally, you want this MTU to be the same as the smallest MTU of all the networks between

the DFL-200 and the Internet. If the packets the DFL-200 sends are larger, they get broken up

or fragmented, which could slow down transmission speeds.

Trial and error is the only sure way of finding the optimal MTU, but there are some

guidelines that can help. For example, the MTU of many PPP connections is 576, so if you

connect to the Internet via PPPoE, you might want to set the MTU size to 576. DSL modems

may also have small MTU sizes. Most ethernet networks have an MTU of 1500.

Note:

If you connect to your ISP using DHCP to obtain an IP address for the external

interface, you cannot set the MTU below 576 bytes due to DHCP communication

standards.

Click the

Apply

button below to apply the setting or click Cancel to discard changes.

20

Routing

Click on

System

in the menu bar, and then click

Routing

below it, this will give a list of all

configured routes, it will look something like this:

The Routes configuration section describes the firewall’s routing table. DFL-200 uses a

slightly different way of describing routes compared to most other systems. However, we

believe that this way of describing routes is easier to understand, making it less likely for

users to cause errors or breaches in security.

Interface

– Specifies which interface packets destined for this route shall be sent through.

Network

– Specifies the network address for this route.

Gateway

– Specifies the IP address of the next router hop used to reach the destination

network. If the network is directly connected to the firewall interface, no gateway address is

specified.

Local IP Address

– The IP address specified here will be automatically published on the

corresponding interface. This address will also be used as the sender address in ARP queries.

If no address is specified, the firewalls own interface IP address will be used.

Proxy ARP –

Specifies that the firewall shall publish this route via Proxy ARP.

One advantage with this form of notation is that you can specify a gateway for a particular

route, without having a route that covers the gateway’s IP address or despite the fact that the

route that covers the gateway’s IP address is normally routed via another interface.

The difference between this form of notation and that most commonly used is that there,

you do not specify the interface name in a separate column. Instead, you specify the IP

address of each interface as a gateway.

Note:

The firewall does not Proxy ARP routes on VPN interfaces.