Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual

WAN and LAN Configuration

5-3

December 2003, M-10041-01

The firewall will deliver the following parameters to any LAN device that requests DHCP:

•

An IP Address from the range you have defined

•

Subnet Mask

•

Gateway IP Address is the firewall’s LAN IP address

•

Primary DNS Server, if you entered a Primary DNS address in the Basic Settings menu;

otherwise, the firewall’s LAN IP address

•

Secondary DNS Server, if you entered a Secondary DNS address in the Basic Settings menu

How to Configure LAN TCP/IP Setup Settings

1.

Log in to the firewall at its default LAN address of

with its default user

name of

admin

, default password of

password

, or using whatever password and LAN address

you have chosen for the firewall.

2.

From the Main Menu, under Advanced, click the LAN IP Setup link to view the menu, shown

below.

Figure 5-1:

LAN IP Setup Menu

Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual

5-4

WAN and LAN Configuration

December 2003, M-10041-01

3.

Enter the LAN TCP/IP and DHCP parameters.

4.

Click Apply to save your changes.

How to Configure Reserved IP Addresses

When you specify a reserved IP address for a PC on the LAN, that PC will always receive the

same IP address each time it accesses the firewall’s DHCP server. Reserved IP addresses should be

assigned to servers that require permanent IP settings.

To reserve an IP address:

1.

Click the Add button.

2.

In the IP Address box, type the IP address to assign to the PC or server.

Choose an IP address from the router’s LAN subnet, such as 192.168.0.X.

3.

Type the MAC Address of the PC or server.

Note:

If the PC is already present on your network, you can copy its MAC address from the

Attached Devices menu and paste it here.

4.

Click Apply to enter the reserved address into the table.

Note:

The reserved address will not be assigned until the next time the PC contacts the router's

DHCP server. Reboot the PC or access its IP configuration and force a DHCP release and

renew.

To edit or delete a reserved address entry:

1.

Click the button next to the reserved address you want to edit or delete.

2.

Click Edit or Delete.

Configuring WAN Settings

The WAN Setup menu allows configuration of WAN services such as automatic connection, DMZ

server, enabling diagnostic PING tests on the WAN interface, setting the MTU size, and the WAN

port speed,. These features can be found under the Advanced WAN Setup heading in the Main

Menu of the browser interface.

These features are discussed below.

Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual

WAN and LAN Configuration

5-5

December 2003, M-10041-01

Connecting Automatically, as Required

Normally, this option should be Enabled, so that an Internet connection will be made

automatically, whenever Internet-bound traffic is detected. However, if this causes high connection

costs, you can disable this setting.

If disabled, you must connect manually, using the sub-screen accessed from the "Connection

Status" button on the Status screen.

Setting Up a Default DMZ Server

The default DMZ server feature is helpful when using some online games and videoconferencing

applications that are incompatible with NAT. The firewall is programmed to recognize some of

these applications and to work properly with them, but there are other applications that may not

function well. In some cases, one local PC can run the application properly if that PC’s IP address

is entered as the default DMZ server.

Incoming traffic from the Internet is normally discarded by the firewall unless the traffic is a

response to one of your local computers or a service that you have configured in the Ports menu.

Instead of discarding this traffic, you can have it forwarded to one computer on your network. This

computer is called the Default DMZ Server.

How to Assign a Default DMZ Server

1.

Click Default DMZ Server check box.

2.

Type the IP address for that server.

3.

Click Apply.

Note:

For security, you should avoid using the default DMZ server feature. When a

computer is designated as the default DMZ server, it loses much of the protection of the

firewall, and is exposed to many exploits from the Internet. If compromised, the

computer can be used to attack your network.

Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual

5-6

WAN and LAN Configuration

December 2003, M-10041-01

Responding to Ping on Internet WAN Port

If you want the firewall to respond to a 'ping' from the Internet, click the ‘Respond to Ping on

Internet WAN Port’ check box. This should only be used as a diagnostic tool, since it allows your

firewall to be discovered. Don't check this box unless you have a specific reason to do so.

How to Set the MTU Size

The normal MTU (Maximum Transmit Unit) value for most Ethernet networks is 1500 bytes or

1492 Bytes for PPPoE connections. For some ISPs you may need to reduce the MTU. But this is

rarely required, and should not be done unless you are sure it is necessary for your ISP connection.

Any packets sent through the firewall that are larger than the configured MTU size will be

repackaged into smaller packets to meet the MTU requirement.

To change the MTU size:

1.

Under MTU Size, select Custom.

2.

Enter a new size between 64 and 1500.

3.

Click Apply to save the new configuration.

Configuring Dynamic DNS

If your network has a permanently assigned IP address, you can register a domain name and have

that name linked with your IP address by public Domain Name Servers (DNS). However, if your

Internet account uses a dynamically assigned IP address, you will not know in advance what your

IP address will be, and the address can change frequently. In this case, you can use a commercial

dynamic DNS service, which will allow you to register your domain to their IP address, and will

forward traffic directed to your domain to your frequently-changing IP address.

The firewall contains a client that can connect to a dynamic DNS service provider. To use this

feature, you must select a service provider and obtain an account with them. After you have

configured your account information in the firewall, whenever your ISP-assigned IP address

changes, your firewall will automatically contact your dynamic DNS service provider, log in to

your account, and register your new IP address.

Model FVS328 ProSafe VPN Firewall with Dial Back-up Reference Manual

WAN and LAN Configuration

5-7

December 2003, M-10041-01

How to Configure Dynamic DNS

1.

Log in to the firewall at its default LAN address of

with its default user

name of

admin

, default password of

password

, or using whatever password and LAN address

you have chosen for the firewall.

2.

From the Main Menu of the browser interface, under Advanced, click Dynamic DNS.

3.

Click the radio button for the dynamic DNS service you will use. Access the website of the

dynamic DNS service providers whose, and register for an account.

For example, for TZO.com, go to

www.TZO.com

.

4.

Click Apply to save your configuration.

5.

Click Status to see the login in progress.

Using Static Routes

Static Routes provide additional routing information to your firewall. Under normal

circumstances, the firewall has adequate routing information after it has been configured for

Internet access, and you do not need to configure additional static routes. You must configure

static routes only for unusual cases such as multiple routers or multiple IP subnets located on your

network.

Static Route Example

As an example of when a static route is needed, consider the following case:

•

Your primary Internet access is through a cable modem to an ISP.

•

You have an ISDN router on your home network for connecting to the company where

you are employed. This router’s address on your LAN is 192.168.0.100.

•

Your company’s network is 134.177.0.0.

Note:

If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the

dynamic DNS service will not work because private addresses will not be routed on the

Internet.