36

|

Chapter 3:

LAN Configuration

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

The

Known PCs and Devices

table lists the entries in the LAN Groups Database. For each

computer or device, the following fields are displayed:

•

Name

. The name of the PC or device. For computers that do not support the NetBIOS

protocol, this will be listed as “Unknown” (you can edit the entry manually to add a

meaningful name). If the computer was assigned an IP address by the DHCP server, then

the Name will be appended by an asterisk.

•

IP Address

. The current IP address of the computer. For DHCP clients of the VPN

firewall, this IP address will not change. If a computer is assigned a static IP addresses,

you will need to update this entry manually if the IP address on the computer has been

changed.

•

MAC Address

. The MAC address of the PC’s network interface.

•

Group

. Each PC or device can be assigned to a single group. By default, a computer is

assigned to Group 1, unless a different group is chosen from the

Group

drop-down list.

•

Action

. Allows modification of the selected entry by clicking

Edit

.

Adding Devices to the LAN Groups Database

To add devices manually to the LAN Groups Database, follow these steps:

1.

In the

Add Known PCs and Devices

section, make the following entries:

•

Name

. Enter the name of the PC or device.

•

IP Address Type

. From the drop-down list, choose how this device receives its IP

address. The choices are:

-

Fixed (Set on PC)

. The IP address is statically assigned on the computer.

-

Reserved (DHCP Client)

. Directs the VPN firewall’s DHCP server to always assign

the specified IP address to this client during the DHCP negotiation (see

“Configuring

DHCP Address Reservation”

on page 37).

Note:

When assigning a reserved IP address to a client, the IP address

selected must be outside the range of addresses allocated to the

DHCP server pool.

•

IP Address

.

Enter the IP address that this computer or device is assigned in the IP

Address

field. If the IP Address Type is Reserved (DHCP Client), the VPN firewall will

reserve the IP address for the associated MAC address.

•

MAC Address

.

Enter the MAC address of the computer’s network interface in the

MAC Address

field. The MAC address format is six colon-separated pairs of

hexadecimal characters (0-9 and A-F), such as 01:23:45:67:89:AB.

•

Group

.

From the drop-down list, select the LAN Group to which the computer will be

assigned. (Group 1 is the default group.)

2.

Click

Add

. The device will be added to the

Known PCs and Devices

table.

Chapter 3:

LAN Configuration

|

37

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

3.

(Optional) To enable DHCP Address Reservation after the entry is in the table, select

the checkbox for the new table entry and click

Save Binding

to bind the IP address to

the MAC address for DHCP assignment.

Changing Group Names in the LAN Groups Database

By default, the LAN Groups are named Group1 through Group8. You can rename these

group names to be more descriptive, such as Engineering or Marketing.

To edit the names of any of the eight available groups:

1.

From the

LAN Groups

tab, click the

Edit Group Names

link to the right of the tabs. The

Network Database Group Names screen

appears.

2.

Select the radio button next to any group name to make that name active for editing.

3.

Type a new name in the field.

4.

Select and edit other group names if desired.

5.

Click

Apply

to save your settings.

Configuring DHCP Address Reservation

When you specify a reserved IP address for a device on the LAN (based on the MAC

address of the device), that computer or device will always receive the same IP address each

time it accesses the VPN firewall’s DHCP server. Reserved IP addresses should be assigned

to servers or access points that require permanent IP address settings. The Reserved IP

address that you select must be outside of the DHCP Server pool.

To reserve an IP address, enter the device on the LAN Groups screen, specifying

Reserved

(DHCP Client)

,

as described in

“Adding Devices to the LAN Groups Database”

on page 36.

Note:

The reserved address will not be assigned until the next time the PC

contacts the VPN firewall’s DHCP server. Reboot the PC or access

its IP configuration and force a DHCP release and renew.

38

|

Chapter 3:

LAN Configuration

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

Configuring Multi Home LAN IP Addresses

If you have computers on your LAN using different IP address ranges (for example,

172.16.2.0 or 10.0.0.0), you can add “aliases” to the LAN port, giving computers on those

networks access to the Internet through the VPN firewall. This allows the VPN firewall to act

as a gateway to additional logical subnets on your LAN. You can assign the VPN firewall an

IP address on each additional logical subnet.

To add a secondary LAN IP address:

1.

Select Network Configuration > LAN Settings from the menu, and click the

LAN

Multi-homing

tab. The LAN Multi-homing screen is displayed.

The

Available Secondary LAN IPs

table lists the secondary LAN IP addresses added to

the VPN firewall.

•

IP Address

. The “alias,” an additional IP address hosted by the LAN port of the VPN

firewall. This address will be the gateway for computers on the secondary subnet.

•

Subnet Mask

. The IPv4 subnet mask that defines the range of the secondary subnet.

2.

In the

Add Secondary LAN IP Address

section, enter the additional IP address and

subnet mask to be assigned to the LAN port of the VPN firewall.

3.

Click

Add.

The new Secondary LAN IP address will appear in the

Available Secondary

LAN IPs

table.

Note:

IP addresses on these secondary subnets cannot be configured in

the DHCP server. The hosts on the secondary subnets must be

manually configured with IP addresses, gateway IP addresses, and

DNS server IP addresses.

Tip:

The secondary LAN IP address will be assigned to the LAN interface of

the VPN firewall and can be used as a gateway by computers on the

secondary subnet.

Chapter 3:

LAN Configuration

|

39

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

Configuring Static Routes

Static Routes provide additional routing information to your VPN firewall. Under normal

circumstances, the VPN firewall has adequate routing information after it has been

configured for Internet access, and you do not need to configure additional static routes. You

should configure static routes only for unusual cases such as multiple firewalls or multiple IP

subnets located on your network.

To add or edit a static route:

1.

Select Network Configuration > Routing from the menu. The Routing

screen displays.

2.

Click

Add

. The Add Static Route screen is displayed.

3.

Enter a route name for this static route in the

Route Name

field (for identification and

management).

4.

Select

Active

to make this route effective.

5.

Select

Private

if you want to limit access to the LAN only. The static route will not be

advertised in RIP.

6.

Enter the

Destination IP Address

to the host or network to which the route leads.

7.

Enter the

IP Subnet Mask

for this destination. If the destination is a single host, enter

255.255.255.255.

8.

Enter the

Interface

which is the physical network interface (WAN1, WAN2, or LAN)

through which this route is accessible.

9.

Enter the

Gateway IP Address

through which the destination host or network can be

reached (must be a device on the same LAN segment as the network storage).

40

|

Chapter 3:

LAN Configuration

ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN FVS336Gv2 Reference Manual

10.

Enter the

Metric

priority for this route. If multiple routes to the same destination exit, the

route with the lowest metric is chosen (value must be between 1 and 15).

11.

Click

Apply

to save your settings.

The new static route will be added to the

Static Routes

table.

Configuring Routing Information Protocol (RIP)

RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is

commonly used in internal networks (LANs). It allows a router to exchange its routing

information automatically with other routers, and allows it to dynamically adjust its routing

tables and adapt to changes in the network. RIP is disabled by default.

To configure RIP parameters:

1.

Select Network Configuration > Routing from the menu.

2.

Click the

RIP Configuration

link to the right of the tab. The

RIP Configuration

screen

is displayed.

3.

From the

RIP Direction

drop-down list, choose the direction in which the VPN firewall

will send and receive RIP packets. The choices are:

•

None

. The VPN firewall neither broadcasts its route table nor does it accept any RIP

packets from other routers. This effectively disables RIP.

•

Both

. The VPN firewall broadcasts its routing table and also processes RIP

information received from other routers.

•

Out Only

. The VPN firewall broadcasts its routing table periodically but does not

accept RIP information from other routers.