FVS338 ProSafe VPN Firewall 50 Reference Manual

Connecting the FVS338 to the Internet

2-15

v1.0, September 2006

Configuring the WAN Mode

The

WAN Mode

screen allows you to configure how your router uses your external Internet

connections; for example, your WAN port or dialup modem connections.

•

NAT.

NAT is the technology which allows all PCs on your LAN to share a single Internet IP

address. Viewed from the Internet, the WAN port on the VPN firewall is configured with a

single IP address—the “public” address. PCs on your LAN can use any “private” IP address

range, and these IP addresses are not visible from the Internet.

–

The Router uses NAT to select the correct PC (on your LAN) to receive any incoming data

and hides internal IP addresses from computers on the Internet.

–

If you only have a single Internet IP address, you MUST use NAT.

NAT is the default setting. Select NAT if your ISP has assigned only one IP address to you.

The computers that connect through the router must then be assigned IP addresses from a

private subnet (for example: 192.168.1.0).

•

Classical Routing.

In this mode, the Router performs Routing, but without NAT. To gain

Internet access, each PC on your LAN must have a valid Internet IP address.

If your ISP has allocated many IP addresses to you, and you have assigned one of these

addresses to each PC, you can choose Classical Routing. Or, you can use Classical Routing for

routing private IP addresses within a campus environment. Otherwise, selecting this method

will not allow Internet access through this Router.

To configure the WAN Mode:

1.

Select

Network Configuration

from the main menu and

WAN Mode

from the submenu. The

WAN Mode

screen will display.

2.

Check either the

NAT

or

Classical Routing

radio box. NAT is the default.

3.

Select the

Port Mode.

The Port Mode settings allow you to configure your router to use only

one WAN port or to select the Dialup port as a backup.

•

If you are connected to only one ISP, then check the

Use only single WAN port

and select

the WAN port that is connected to your ISP from the pull down menu.

Note:

The router will delete all inbound firewall rules when switching between NAT

and Classical Routing.

FVS338 ProSafe VPN Firewall 50 Reference Manual

2-16

Connecting the FVS338 to the Internet

v1.0, September 2006

•

If you have both ISP links connected for Internet connectivity, check the

Primary

Broadband with Dialup as backup

for auto-rollover

.

4.

The WAN Failure Detection Method must be configured to notify the router of a link failure if

you are using Dialup as a backup to engage auto-rollover. The router checks the connection of

the primary link at regular intervals to detect its status. Check the radio box of one the

following methods to detect link failure:

•

Select

DNS lookup using configured DNS Servers

to detect failure of the Broadband

link, using the DNS servers configured in the

Broadband ISP Settings

screen.

•

Select

DNS lookup using this DNS Server

and enter the IP address of the DNS server to

specify a DNS server for detecting WAN failure

•

Select

Ping to this IP address

and enter an IP address to detect WAN failure by pinging to

an IP address. Ensure that this destination host is reliable.

If a failure is detected on the primary broadband connection, the secondary dialup connection

connects to the Internet. When the primary connection is detected as back online, the

secondary dialup connection disconnects.

5.

Enter a

Test Period,

in seconds, to tell the router how often it should run the configured

detection method. The default is 30 seconds.

6.

Enter the number of router failures that should occur before the router rolls-over to the Dialup

port. The default is 4.

7.

Enter

Apply

to save your settings or

Cancel

to revert to the previous settings.

Configuring Dynamic DNS (If Needed)

Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses

to be located using Internet domain names. To use DDNS, you must setup an account with a

DDNS provider such as DynDNS.org, TZO.com or Iego.net.

Once you have registered your domain name to their IP address, all FQDN traffic will be directed

to your frequently-changing IP address. (For rollover mode, you will need a fully qualified domain

name to implement features such as exposed hosts and virtual private networks regardless of

whether you have a fixed or dynamic IP address.)

Note:

If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the

dynamic DNS service will not be available since private addresses cannot be

routed on the Internet.

FVS338 ProSafe VPN Firewall 50 Reference Manual

Connecting the FVS338 to the Internet

2-17

v1.0, September 2006

This router firmware includes software that notifies dynamic DNS servers of changes in the WAN

IP address, so that the services running on this network can be accessed by others on the Internet.

After you have configured your account information in the firewall, whenever your ISP-assigned

IP address changes, your firewall will automatically contact your dynamic DNS service provider,

log in to your account, and register your new IP address.

To configure a Dynamic DNS address:

1.

Select

Network Configuration

from the main menu and

Dynamic DNS

from the submenu.

The

Dynamic DNS Configuration

screen displays. The

WAN Mode

section displays the

currently configured WAN Mode: Single Port or Auto-Rollover.

If you have configured Single Port, choose a DNS service provider, then fill out the DDNS

section for that port. If you have enabled Auto-Rollover, choose a service provider and

complete both sections. (Only those options that match the configured WAN Mode will be

accessible.)

Figure 2-9

FVS338 ProSafe VPN Firewall 50 Reference Manual

2-18

Connecting the FVS338 to the Internet

v1.0, September 2006

2.

Check the Dynamic DNS Service radio box you want to enable. The fields corresponding to

the selection you have selected will be highlighted. Each DNS service provider requires its

own parameters.

3.

Access the Web site of one of the DDNS service providers and set up an account. A link to

each DDNS provider is opposite the DNS Configuration screen name.

4.

After setting up your account, return to the Dynamic DNS Configuration screen and fill in the

required fields for the DDNS service you selected:

a.

In the Host and Domain Name field, enter the entire FQDN name that your dynamic DNS

service provider gave you (for example: <

yourname>

.dyndns.org).

b.

Enter the User Name, User email Address, or Account Name requested by the DDNS

Service to identify you when logging into your DDNS account.

c.

Enter the Password, or User Key, for your DDNS account.

d.

If your dynamic DNS provider allows the use of wild cards in resolving your URL, you

may check the

Use wildcards

radio box to activate this feature.

For example, the wildcard feature will cause

*.yourhost.dyndns.org

to be aliased

to the same IP address as

yourhost.dyndns.org

5.

Click

Apply

to save your configuration or click

Cancel

your settings and revert to the

previous settings.

LAN Configuration

3-1

v1.0, September 2006

Chapter 3

LAN Configuration

This chapter describes how to configure LAN Setup, LAN Groups and Routing (Static IP) features

of your ProSafe VPN Firewall 50. These features can be found under the

Network Configuration

menu of the router interface.

Configuring Your LAN (Local Area Network)

By default, the firewall will function as a DHCP (Dynamic Host Configuration Protocol) server,

allowing it to assign IP, DNS server, WINS Server, and default gateway addresses to all computers

connected to the firewall LAN. The assigned default gateway address is the LAN address of the

firewall. IP addresses will be assigned to the attached PCs from a pool of addresses specified in

this menu. Each pool address is tested before it is assigned to avoid duplicate addresses on the

LAN.

Using the VPN Firewall as a DHCP Server

For most applications, the default DHCP and TCP/IP settings of the firewall are satisfactory. See

the link to

“Preparing a Computer for Network Access:” in Appendix B

for an explanation of

DHCP and information about how to assign IP addresses for your network.

The firewall will deliver the following parameters to any LAN device that requests DHCP:

•

An IP Address from the range you have defined

•

Subnet Mask

•

Gateway IP Address (the firewall’s LAN IP address)

•

Primary DNS Server (the firewall’s LAN IP address)

•

WINS Server (if you entered a WINS server address in the DHCP Setup menu)

•

Lease Time (date obtained and duration of lease).

The

LAN Setup

screen allows you to configure the LAN on your router. The default values are

suitable for most users and situations.