Page 26 / 203 Scroll up to view Page 21 - 25
26
|
Chapter 2:
Connecting the VPN Firewall to the Internet
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
Enter the following data in the Add Protocol Binding section on screen:
a.
Service
. From the drop-down list, choose the desired service or application to be
covered by this rule. If the desired service or application does not appear in the list,
you must define it using the Services screen (see
“Adding Customized Services”
on
page 57).
b. Source Network
. These settings determine which computers on your network are
affected by this rule. Select the desired options:
Any
. All PCs and devices on your LAN.
Single address
. Enter the required address and the rule will be applied to that
particular PC.
Address range
. If this option is selected, you must enter the start and finish fields.
Group 1-Group 8
. If this option is selected, the devices assigned to this group will
be affected. (You may also assign a customized name to the group. See
Edit
Group Names
on the
Groups and Hosts
screen in the
LAN Groups
submenu.)
c. Destination Network
. These settings determine which Internet locations are
covered by the rule, based on their IP address. Select the desired option:
Any
. All Internet IP address are covered by this rule.
Single address
. Enter the required address in the start field.
Address range
. If this option is selected, you must enter the start and finish fields.
4.
Click
Add
to save this rule
.
The new Protocol Binding Rule will be enabled and added to the Protocol Binding Table
for the WAN1 port.
5.
Open the
WAN2 Protocol Bindings
tab and repeat the previous steps to set protocol
bindings for the WAN2 port.
Configuring Dynamic DNS (Optional)
Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP
addresses to be located using Internet domain names. To use DDNS, you must setup an
account with a DDNS provider such as DynDNS.org, TZO.com, Oray.net, or 3322.org. (Links
to DynDNS, TZO, Oray, and 3322 are provided for your convenience on the Dynamic DNS
Configuration screen.) The VPN firewall firmware includes software that notifies dynamic
DNS servers of changes in the WAN IP address, so that the services running on this network
can be accessed by others on the Internet.
If your network has a permanently assigned IP address, you can register a domain name and
have that name linked with your IP address by public Domain Name Servers (DNS).
However, if your Internet account uses a dynamically assigned IP address, you will not know
in advance what your IP address will be, and the address can change frequently—hence, the
need for a commercial DDNS service, which allows you to register an extension to its
domain, and restores DNS requests for the resulting FQDN to your frequently-changing IP
address.
Page 27 / 203
Chapter 2:
Connecting the VPN Firewall to the Internet
|
27
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
After you have configured your account information in the network storage, whenever your
ISP-assigned IP address changes, your network storage will automatically contact your
DDNS service provider, log in to your account, and register your new IP address.
You may need to use a fully qualified domain name (FQDN):
For auto-rollover mode, you will need a FQDN to implement features such as exposed
hosts and virtual private networks regardless of whether you have a fixed or dynamic IP
address.
For load balancing mode, you may still need a FQDN either for convenience or if you
have a dynamic IP address.
Note:
If your ISP assigns a private WAN IP address such as 192.168.x.x
or 10.x.x.x, the dynamic DNS service will not work because private
addresses will not be routed on the Internet.
To configure dynamic DNS:
1.
Select Network Configuration > Dynamic DNS from the menu and click the
Dynamic
DNS Configuration
tab. The Dynamic DNS Configuration screen is displayed.
The Current WAN Mode section reports the currently configured WAN mode. (For
example, Single Port WAN1, Load Balancing or Auto Rollover.) Only those options that
match the configured WAN Mode will be accessible.
2.
Select the tab for the DDNS service provider you will use.
Page 28 / 203
28
|
Chapter 2:
Connecting the VPN Firewall to the Internet
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
3.
Click the information or registration link in the upper right corner for registration
information.
4.
Access the website of the DDNS service provider and register for an account (for
example, for dyndns.org, go to
).
5.
For each WAN port, click the
Yes
radio button for
Change DNS to
<
your desired DDNS
service
> and configure the active fields:
a.
Enter the account information for the service you have chosen (for example, user
name, password, key, or domain).
b.
If your DDNS provider allows the use of wild cards in resolving your URL, you may
select the
Use wildcards
checkbox to activate this feature. For example, the
wildcard feature will cause
*.yourhost.dyndns.org
to be aliased to the same IP
address as
yourhost.dyndns.org
c.
If your WAN IP address does not change often, you may need to force a periodic
update to the DDNS service to prevent your account from expiring. If it appears, you
can select the
Update every 30 days
checkbox to enable a periodic update.
6.
Click
Apply
to save your configuration.
Configuring the Advanced WAN Options (Optional)
To configure the Advanced WAN options:
1.
Select Network Configuration > WAN Settings from the menu. The WAN1 ISP Settings
screen is displayed.
2.
Click the
Advanced
link to the right of the tabs.
The WAN1
Advanced Options
screen is displayed:
3.
Edit the default
information you
want to change.
Page 29 / 203
Chapter 2:
Connecting the VPN Firewall to the Internet
|
29
ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual
a.
MTU Size
. The normal MTU (Maximum Transmit Unit) value for most Ethernet
networks is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs, you
may need to reduce the MTU. This is rarely required, and should not be done unless
you are sure it is necessary for your ISP connection.
b. Port Speed
. In most cases, your VPN firewall can automatically determine the
connection speed of the WAN port. If you cannot establish an Internet connection
and the WAN Link or Speed LED blinks continuously, you may need to manually
select the port speed. AutoSense is the default.
If you know that the Ethernet port on your broadband modem supports 100BaseT,
select
100BaseT Half_Duplex
; otherwise, select
10BaseT Half_Duplex
. Use the
half-duplex settings unless you are sure you need full duplex.
c. Router's MAC Address
. Each computer or router on your network has a unique
32-bit local Ethernet address. This is also referred to as the computer's MAC (Media
Access Control) address. The default is
Use default address
. However, if your ISP
requires MAC authentication, then select either of these options:
Use this Computer's MAC address to have the VPN firewall use the MAC address
of the computer you are now using, or
Use This MAC Address to manually type in the MAC address that your ISP
expects.
The format for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and either
uppercase or lowercase letters A-F). If you select
Use This MAC Address
and then
type in a MAC address, your entry will be overwritten.
4.
Click
Apply
to save your changes.
Additional WAN Related Configuration
If you want the ability to manage the network storage remotely, enable remote
management at this time (see
“Enabling Remote Management Access”
on page 139). If
you enable remote management, we strongly recommend that you change your
password (see
“Changing Passwords and Administrator Settings”
on page 137).
At this point, you can set up the traffic meter for each WAN. See
“Enabling the Traffic
Meter”
on page 149.
Page 30 / 203
Chapter 3:
LAN Configuration
|
30
LAN Configuration
3
This chapter describes how to configure the advanced LAN features of your ProSafe Dual WAN
Gigabit Firewall with SSL & IPsec VPN FVS336Gv2.
This chapter contains the following sections
Choosing the VPN Firewall DHCP Options
” on this page.
“Configuring the LAN Setup Options”
on page 31.
“Managing Groups and Hosts (LAN Groups)”
on page 34.
“Configuring Multi Home LAN IP Addresses”
on page 38.
“Configuring Static Routes”
on page 39.
“Configuring Routing Information Protocol (RIP)”
on page 40.
Choosing the VPN Firewall DHCP Options
By default, the network storage will function as a DHCP (Dynamic Host Configuration
Protocol) server, allowing it to assign IP, DNS server, WINS Server, and default gateway
addresses to all computers connected to the network storage’s LAN. The assigned default
gateway address is the LAN address of the network storage. IP addresses will be assigned to
the attached PCs from a pool of addresses that you must specify. Each pool address is
tested before it is assigned to avoid duplicate addresses on the LAN.
For most applications, the default DHCP and TCP/IP settings of the VPN firewall are
satisfactory. See the link to the online document
TCP/IP Networking Basics
in Appendix D for
information about how to assign IP addresses for your network.
If another device on your network will be the DHCP server, or if you will manually configure
the network settings of all of your computers, clear the
Enable DHCP server
radio box by
selecting the
Disable DHCP Server
radio box. Otherwise, leave it checked.
Specify the pool of IP addresses to be assigned by setting the starting IP address and ending
IP address. These addresses should be part of the same IP address subnet as the network
storage’s LAN IP address. Using the default addressing scheme, you should define a range

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top