Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2

4-10

WAN and LAN Configuration

May 2004, 202-10030-02

Port Triggering Rules

This table lists the current rules:

•

Enable - Indicates if the rule is enabled or disabled. Generally, there is no need to disable a rule

unless it interferes with some other function, such as Port Forwarding.

•

Name - The name for this rule.

•

Outgoing Ports - The port or port range for outgoing traffic. An outgoing connection using one

of these ports will Trigger this rule.

•

Incoming Ports - The port or port range used by the remote system when it responds to the

outgoing request. A response using one of these ports will be forwarded to the PC which

triggered this rule.

Adding a new Rule

Figure 4-4:

Port Trigger Add

To add a new rule, click the

Add

and enter the following data on the resulting screen.

•

Name - enter a suitable name for this rule (e.g. the name of the application)

•

Enable/Disable - select the desired option.

•

Outgoing (Trigger) Port Range - enter the range of port numbers used by the application when

it generates an outgoing request.

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2

WAN and LAN Configuration

4-11

May 2004, 202-10030-02

•

Incoming (Response) Port Range - enter the range of port numbers used by the remote system

when it responds to the PC's request.

Modifying or Deleting an existing Rule

1.

Select the desired rule by clicking the radio button beside the rule.

2.

Click

Edit

or

Delete

as desired.

Checking Operation and Status

To see which rules are currently being used, click the

Status

button. The following data will be

displayed:

•

Rule - the name of the Rule.

•

LAN IP Address - The IP address of the PC currently using this rule.

•

Open Ports - the Incoming ports which are associated the this rule. Incoming traffic using one

of these ports will be sent to the IP address above.

•

Time Remaining - The time remaining before this rule is released, and thus available for other

PCs. This timer is restarted whenever incoming or outgoing traffic is received.

Configuring Dynamic DNS

If your network has a permanently assigned IP address, you can register a domain name and have

that name linked with your IP address by public Domain Name Servers (DNS). However, if your

Internet account uses a dynamically assigned IP address, you will not know in advance what your

IP address will be, and the address can change frequently. In this case, you can use a commercial

dynamic DNS service, which will allow you to register your domain to their IP address, and will

forward traffic directed to your domain to your frequently-changing IP address.

The firewall contains a client that can connect to a dynamic DNS service provider. To use this

feature, you must select a service provider and obtain an account with them. After you have

configured your account information in the firewall, whenever your ISP-assigned IP address

changes, your firewall will automatically contact your dynamic DNS service provider, log in to

your account, and register your new IP address.

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2

4-12

WAN and LAN Configuration

May 2004, 202-10030-02

How to Configure Dynamic DNS

1.

Log in to the firewall at its default LAN address of

with its default user

name of

admin

, default password of

password

, or using whatever password and LAN address

you have chosen for the firewall.

2.

From the Main Menu of the browser interface, under Advanced, click Dynamic DNS.

3.

Click the radio button for the dynamic DNS service you will use. Access the Web site of the

dynamic DNS service providers whose, and register for an account.

For example, for TZO.com, go to

www.TZO.com

.

4.

Click Apply to save your configuration.

Using Static Routes

Static Routes provide additional routing information to your firewall. Under normal

circumstances, the firewall has adequate routing information after it has been configured for

Internet access, and you do not need to configure additional static routes. You must configure

static routes only for unusual cases such as multiple routers or multiple IP subnets located on your

network.

Static Route Example

As an example of when a static route is needed, consider the following case:

•

Your primary Internet access is through a cable modem to an ISP.

•

You have an ISDN router on your home network for connecting to the company where

you are employed. This router’s address on your LAN is 192.168.0.100.

•

Your company’s network is 134.177.0.0.

Note:

If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the

dynamic DNS service will not work because private addresses will not be routed on the

Internet.

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2

WAN and LAN Configuration

4-13

May 2004, 202-10030-02

When you first configured your firewall, two implicit static routes were created. A default route

was created with your ISP as the gateway, and a second static route was created to your local

network for all 192.168.0.x addresses. With this configuration, if you attempt to access a device on

the 134.177.0.0 network, your firewall will forward your request to the ISP. The ISP forwards your

request to the company where you are employed, and the request will likely be denied by the

company’s firewall.

In this case you must define a static route, telling your firewall that 134.177.0.0 should be accessed

through the ISDN router at 192.168.0.100. The static route would look like

Figure 4-6

.

In this example:

•

The Destination IP Address and IP Subnet Mask fields specify that this static route applies to

all 134.177.x.x addresses.

•

The Gateway IP Address fields specifies that all traffic for these addresses should be

forwarded to the ISDN router at 192.168.0.100.

•

A Metric value of 1 will work since the ISDN router is on the LAN.

This represents the number of routers between your network and the destination. This is a

direct connection so it is set to 1.

•

Private is selected only as a precautionary security measure in case RIP is activated.

How to Configure Static Routes

1.

Log in to the firewall at its default LAN address of

with its default user

name of

admin

, default password of

password

, or using whatever password and LAN address

you have chosen for the firewall.

2.

From the Main Menu of the browser interface, under Advanced, click on Static Routes to view

the Static Routes menu, shown in

Figure 4-5

.

Figure 4-5:

Static Routes Table

Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2

4-14

WAN and LAN Configuration

May 2004, 202-10030-02

3.

To add or edit a Static Route:

a.

Click the Edit button to open the Edit Menu, shown below.

Figure 4-6:

Static Route Entry and Edit Menu

b.

Type a route name for this static route in the Route Name box under the table.

This is for identification purpose only.

c.

Select Active to make this route effective.

d.

Select Private if you want to limit access to the LAN only.

The static route will not be reported in RIP.

e.

Type the Destination IP Address of the final destination.

f.

Type the IP Subnet Mask for this destination.

If the destination is a single host, type 255.255.255.255.

g.

Type the Gateway IP Address, which must be a router on the same LAN segment as the

firewall.

h.

Type a number between 1 and 15 as the Metric value.

This represents the number of routers between your network and the destination. Usually,

a setting of 2 or 3 works, but if this is a direct connection, set it to 1.

4.

Click Apply to have the static route entered into the table.