FVS338 ProSafe VPN Firewall 50 Reference Manual

LAN Configuration

3-7

v1.0, September 2006

To edit an entry in the

Known PCs and Devices

table:

1.

Click

Edit

adjacent to the entry you want to modify. The

Edit Known PCs and Devices

screen will display. Make your modifications to the entry.

2.

Click

Apply

to save your settings. The changes will appear the

Known PCs and Devices

table.

To edit a Group Name in the Network Database:

1.

On the

Groups and Hosts

screen, click the

Edit Group Names

link.

2.

Check the radio button by the group name you want to modify and type in a suitable name.

3.

Click Apply to save the settings.

Figure 3-3

FVS338 ProSafe VPN Firewall 50 Reference Manual

3-8

LAN Configuration

v1.0, September 2006

Setting Up Address Reservation

When you specify a reserved IP address for a device on the LAN (based on the MAC address of

the device), that computer or device will always receive the same IP address each time it accesses

the firewall’s DHCP server. Reserved IP addresses should be assigned to servers or access points

that require permanent IP settings. The Reserved IP address that you select must be outside of the

DHCP Server pool.

To reserve an IP address, use the

Groups and Hosts

screen under the

Network Configuration

menu

, LAN Groups

submenu (see

“Creating the Network Database” on page 3-5

).

Configuring Static Routes

Static Routes provide additional routing information to your firewall. Under normal

circumstances, the firewall has adequate routing information after it has been configured for

Internet access, and you do not need to configure additional static routes. You must configure

static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on

your network.

To add or edit a Static Route:

1.

Select

Network Configuration

from the main menu and

Routing

from the submenu. The

Routing

screen will display.

2.

Click

Add.

The

Add Static Route

screen will display.

3.

Enter a name for the static route in the

Route Name

field (for identification purpose only).

4.

Determine whether the route is

•

Active

or

Inactive

. A route can be added to the table and made inactive, if not needed.

This allows routes to be used as needed without deleting the entry and re-adding it. An

inactive route is not broadcast if RIP is enabled. Select the

Active

radio box to make this

route effective.

•

Private

: Determine whether the route can be shared with other routers when RIP is

enabled. If Yes, then the route will not be shared in a RIP broadcast or multicast. Check

the

Private

radio box if you want to limit access to the LAN only. The static route will not

be advertised in RIP.

Note:

The reserved address will not be assigned until the next time the PC contacts the

firewall's DHCP server. Reboot the PC or access its IP configuration and force a

DHCP release and renew.

FVS338 ProSafe VPN Firewall 50 Reference Manual

LAN Configuration

3-9

v1.0, September 2006

5.

Type the

Destination IP Address

or network of the route’s final destination.

6.

Enter the

IP Subnet Mask

for this destination. If the destination is a single host, enter

255.255.255.255.

7.

From the

Interface

pull-down menu, selection the physical network interface (Broadband,

Dialup, or LAN) through which this route is accessible.

8.

Enter the

Gateway IP Address

(which must be a firewall on the same LAN segment as the

firewall) of the gateway through which the destination host or network can be reached.

9.

Enter the

Metric

value that determines the priority of the route. If multiple routes to the same

destination exist, the route with the lowest metric is chosen. Usually, a setting of 2 or 3 works,

but if this is a direct connection, set it to 1.

10.

Click

Apply

to save the static route to the

Static Routes

table.

Static Route Example

For example, a static route is needed if:

•

Your primary Internet access is through a cable modem to an ISP.

Figure 3-4

FVS338 ProSafe VPN Firewall 50 Reference Manual

3-10

LAN Configuration

v1.0, September 2006

•

You have an ISDN firewall on your home network for connecting to the company where you

are employed. This firewall’s address on your LAN is 192.168.1.100.

•

Your company’s network is 134.177.0.0.

When you first configured your firewall, two implicit static routes were created. A default route

was created with your ISP as the gateway, and a second static route was created to your local

network for all 192.168.1.x addresses. With this configuration, if you attempt to access a device on

the 134.177.0.0 network, your firewall will forward your request to the ISP. The ISP forwards your

request to the company where you are employed, and the request will likely be denied by the

company’s firewall.

In this case you must define a static route, telling your firewall that 134.177.0.0 should be accessed

through the ISDN firewall at 192.168.1.100.

In this example:

•

The Destination IP Address and IP Subnet Mask fields specify that this static route applies to

all 134.177.x.x addresses.

•

The Gateway IP Address fields specifies that all traffic for these addresses should be

forwarded to the ISDN firewall at 192.168.1.100.

•

A Metric value of 1 will work since the ISDN firewall is on the LAN.

•

Private is selected only as a precautionary security measure in case RIP is activated.

RIP Configuration

RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) and is

commonly used in internal networks. It allows a router to exchange its routing information

automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to

changes in the network. RIP is disabled by default.

FVS338 ProSafe VPN Firewall 50 Reference Manual

LAN Configuration

3-11

v1.0, September 2006

To enable RIP:

1.

Select

Network Configuration

from the main menu and

Routing

from the submenu. The

Routing

screen will display.

2.

Click the

RIP Configuration

link. The

RIP Configuration

screen will display.

3.

From the

RIP Direction

pull-down menu, select the direction for the router to send and

receive RIP packets:

•

Both

– the router broadcasts its routing table and also processes RIP information received

from other routers.

•

Out Only

– the router broadcasts its routing table periodically but does not accept RIP

information from other routers.

•

In Only

– the router accepts RIP information from other routers, but does not broadcast its

routing table.

Figure 3-5