26

|

Chapter 2:

Connecting the VPN Firewall to the Internet

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

Enter the following data in the Add Protocol Binding section on screen:

a.

Service

. From the drop-down list, choose the desired service or application to be

covered by this rule. If the desired service or application does not appear in the list,

you must define it using the Services screen (see

“Adding Customized Services”

on

page 57).

b. Source Network

. These settings determine which computers on your network are

affected by this rule. Select the desired options:

•

Any

. All PCs and devices on your LAN.

•

Single address

. Enter the required address and the rule will be applied to that

particular PC.

•

Address range

. If this option is selected, you must enter the start and finish fields.

•

Group 1-Group 8

. If this option is selected, the devices assigned to this group will

be affected. (You may also assign a customized name to the group. See

Edit

Group Names

on the

Groups and Hosts

screen in the

LAN Groups

submenu.)

c. Destination Network

. These settings determine which Internet locations are

covered by the rule, based on their IP address. Select the desired option:

•

Any

. All Internet IP address are covered by this rule.

•

Single address

. Enter the required address in the start field.

•

Address range

. If this option is selected, you must enter the start and finish fields.

4.

Click

Add

to save this rule

.

The new Protocol Binding Rule will be enabled and added to the Protocol Binding Table

for the WAN1 port.

5.

Open the

WAN2 Protocol Bindings

tab and repeat the previous steps to set protocol

bindings for the WAN2 port.

Configuring Dynamic DNS (Optional)

Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP

addresses to be located using Internet domain names. To use DDNS, you must setup an

account with a DDNS provider such as DynDNS.org, TZO.com, Oray.net, or 3322.org. (Links

to DynDNS, TZO, Oray, and 3322 are provided for your convenience on the Dynamic DNS

Configuration screen.) The VPN firewall firmware includes software that notifies dynamic

DNS servers of changes in the WAN IP address, so that the services running on this network

can be accessed by others on the Internet.

If your network has a permanently assigned IP address, you can register a domain name and

have that name linked with your IP address by public Domain Name Servers (DNS).

However, if your Internet account uses a dynamically assigned IP address, you will not know

in advance what your IP address will be, and the address can change frequently—hence, the

need for a commercial DDNS service, which allows you to register an extension to its

domain, and restores DNS requests for the resulting FQDN to your frequently-changing IP

address.

Chapter 2:

Connecting the VPN Firewall to the Internet

|

27

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

After you have configured your account information in the network storage, whenever your

ISP-assigned IP address changes, your network storage will automatically contact your

DDNS service provider, log in to your account, and register your new IP address.

You may need to use a fully qualified domain name (FQDN):

•

For auto-rollover mode, you will need a FQDN to implement features such as exposed

hosts and virtual private networks regardless of whether you have a fixed or dynamic IP

address.

•

For load balancing mode, you may still need a FQDN either for convenience or if you

have a dynamic IP address.

Note:

If your ISP assigns a private WAN IP address such as 192.168.x.x

or 10.x.x.x, the dynamic DNS service will not work because private

addresses will not be routed on the Internet.

To configure dynamic DNS:

1.

Select Network Configuration > Dynamic DNS from the menu and click the

Dynamic

DNS Configuration

tab. The Dynamic DNS Configuration screen is displayed.

The Current WAN Mode section reports the currently configured WAN mode. (For

example, Single Port WAN1, Load Balancing or Auto Rollover.) Only those options that

match the configured WAN Mode will be accessible.

2.

Select the tab for the DDNS service provider you will use.

28

|

Chapter 2:

Connecting the VPN Firewall to the Internet

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

3.

Click the information or registration link in the upper right corner for registration

information.

4.

Access the website of the DDNS service provider and register for an account (for

example, for dyndns.org, go to

).

5.

For each WAN port, click the

Yes

radio button for

Change DNS to

<

your desired DDNS

service

> and configure the active fields:

a.

Enter the account information for the service you have chosen (for example, user

name, password, key, or domain).

b.

If your DDNS provider allows the use of wild cards in resolving your URL, you may

select the

Use wildcards

checkbox to activate this feature. For example, the

wildcard feature will cause

*.yourhost.dyndns.org

to be aliased to the same IP

address as

yourhost.dyndns.org

c.

If your WAN IP address does not change often, you may need to force a periodic

update to the DDNS service to prevent your account from expiring. If it appears, you

can select the

Update every 30 days

checkbox to enable a periodic update.

6.

Click

Apply

to save your configuration.

Configuring the Advanced WAN Options (Optional)

To configure the Advanced WAN options:

1.

Select Network Configuration > WAN Settings from the menu. The WAN1 ISP Settings

screen is displayed.

2.

Click the

Advanced

link to the right of the tabs.

The WAN1

Advanced Options

screen is displayed:

3.

Edit the default

information you

want to change.

Chapter 2:

Connecting the VPN Firewall to the Internet

|

29

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

a.

MTU Size

. The normal MTU (Maximum Transmit Unit) value for most Ethernet

networks is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs, you

may need to reduce the MTU. This is rarely required, and should not be done unless

you are sure it is necessary for your ISP connection.

b. Port Speed

. In most cases, your VPN firewall can automatically determine the

connection speed of the WAN port. If you cannot establish an Internet connection

and the WAN Link or Speed LED blinks continuously, you may need to manually

select the port speed. AutoSense is the default.

If you know that the Ethernet port on your broadband modem supports 100BaseT,

select

100BaseT Half_Duplex

; otherwise, select

10BaseT Half_Duplex

. Use the

half-duplex settings unless you are sure you need full duplex.

c. Router's MAC Address

. Each computer or router on your network has a unique

32-bit local Ethernet address. This is also referred to as the computer's MAC (Media

Access Control) address. The default is

Use default address

. However, if your ISP

requires MAC authentication, then select either of these options:

•

Use this Computer's MAC address to have the VPN firewall use the MAC address

of the computer you are now using, or

•

Use This MAC Address to manually type in the MAC address that your ISP

expects.

The format for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and either

uppercase or lowercase letters A-F). If you select

Use This MAC Address

and then

type in a MAC address, your entry will be overwritten.

4.

Click

Apply

to save your changes.

Additional WAN Related Configuration

•

If you want the ability to manage the network storage remotely, enable remote

management at this time (see

“Enabling Remote Management Access”

on page 139). If

you enable remote management, we strongly recommend that you change your

password (see

“Changing Passwords and Administrator Settings”

on page 137).

•

At this point, you can set up the traffic meter for each WAN. See

“Enabling the Traffic

Meter”

on page 149.

Chapter 3:

LAN Configuration

|

30

LAN Configuration

3

This chapter describes how to configure the advanced LAN features of your ProSafe Dual WAN

Gigabit Firewall with SSL & IPsec VPN FVS336Gv2.

This chapter contains the following sections

•

Choosing the VPN Firewall DHCP Options

” on this page.

•

“Configuring the LAN Setup Options”

on page 31.

•

“Managing Groups and Hosts (LAN Groups)”

on page 34.

•

“Configuring Multi Home LAN IP Addresses”

on page 38.

•

“Configuring Static Routes”

on page 39.

•

“Configuring Routing Information Protocol (RIP)”

on page 40.

Choosing the VPN Firewall DHCP Options

By default, the network storage will function as a DHCP (Dynamic Host Configuration

Protocol) server, allowing it to assign IP, DNS server, WINS Server, and default gateway

addresses to all computers connected to the network storage’s LAN. The assigned default

gateway address is the LAN address of the network storage. IP addresses will be assigned to

the attached PCs from a pool of addresses that you must specify. Each pool address is

tested before it is assigned to avoid duplicate addresses on the LAN.

For most applications, the default DHCP and TCP/IP settings of the VPN firewall are

satisfactory. See the link to the online document

TCP/IP Networking Basics

in Appendix D for

information about how to assign IP addresses for your network.

If another device on your network will be the DHCP server, or if you will manually configure

the network settings of all of your computers, clear the

Enable DHCP server

radio box by

selecting the

Disable DHCP Server

radio box. Otherwise, leave it checked.

Specify the pool of IP addresses to be assigned by setting the starting IP address and ending

IP address. These addresses should be part of the same IP address subnet as the network

storage’s LAN IP address. Using the default addressing scheme, you should define a range