Page 46 / 240 Scroll up to view Page 41 - 45
ProSafe VPN Firewall 200 FVX538 Reference Manual
3-2
LAN Configuration
v1.0, March 2009
Primary DNS Server (the firewall’s LAN IP address).
WINS Server (if you entered a WINS server address in the DHCP Setup menu).
Lease Time (date obtained and duration of lease).
DHCP Relay
options allow you to make the firewall a dhcp relay agent. The DHCP Relay Agent
makes it possible for DHCP broadcast messages to be sent over routers that do not support
forwarding of these types of messages. The DHCP Relay Agent is therefore the routing protocol
that enables DHCP clients to obtain IP addresses from a DHCP server on a remote subnet, or
which is not located on the local subnet. If you have no configured DHCP Relay Agent, your
clients would only be able to obtain IP addresses from the DHCP server which is on the same
subnet. To enable clients to obtain IP addresses from a DHCP server on a remote subnet, you have
to configure the DHCP Relay Agent on the subnet that contains the remote clients, so that it can
relay DHCP broadcast messages to your DHCP server.
When the
DNS Proxy
option is enabled, the router will act as a proxy for all DNS requests and
communicate with the ISP’s DNS servers (as configured in the WAN settings page). All DHCP
clients will receive the Primary/Secondary DNS IP along with the IP where the DNS Proxy is
running, i.e. the box's LAN IP. When disabled, all DHCP clients will receive the DNS IP addresses
of the ISP excluding the DNS Proxy IP address. The feature is particularly useful in Auto Rollover
mode. For example, if the DNS servers for each connection are different, then a link failure may
render the DNS servers inaccessible. However, when the DNS proxy is enabled, then clients can
make requests to the router and the router, in turn, sends those requests to the DNS servers of the
active connection.
Configuring the LAN Setup Options
The
LAN IP Setup
menu allows configuration of LAN IP services such as DHCP and allows you
to configure a secondary or “multi-home” LAN IP setup in the LAN. The default values are
suitable for most users and situations. Disable the DNS Proxy if you are using a dual WAN
configuration with route diversity and failover. These are advanced settings most usually
configured by a network administrator.
Note:
If you enable the DNS Relay feature, you will not use the FVX538 as a DHCP
server but rather as a DHCP relay agent for a DHCP server somewhere else on
your network.
Page 47 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
LAN Configuration
3-3
v1.0, March 2009
1.
Select
Network Configuration
from the primary menu and
LAN Setup
from the submenu.
The
LAN Setup
screen will display.
2.
Enter the
IP Address
of your router (factory default:
192.168.1.1
). (Always make sure that the
LAN Port IP address and DMZ port IP address are in different subnets.)
3.
Enter the
IP Subnet Mask
. The subnet mask specifies the network number portion of an IP
address. Your router will automatically calculate the subnet mask based on the IP address that
you assign. Unless you are implementing subnetting, use 255.255.255.0 as the subnet mask
(computed by the router).
4.
Check the
Enable DHCP Server
radio button. By default, the router will function as a DHCP
(Dynamic Host Configuration Protocol) server, providing TCP/IP configuration for all
computers connected to the router's LAN. If another device on your network will be the DHCP
server, or if you will manually configure all devices, check the
Disable DHCP Server
radio
button. Enable DHCP Server is the default. If Enabled is selected, enter the following
parameters:
a.
Enter the
Domain Name
of the router (this is optional).
Figure 3-1
Page 48 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
3-4
LAN Configuration
v1.0, March 2009
b.
Enter the
Starting IP Address
. This address specifies the first of the contiguous addresses
in the IP address pool. Any new DHCP client joining the LAN will be assigned an IP
address between this address and the Ending IP Address. The IP address 192.168.1.2 is the
default start address.
c.
Enter the
Ending IP Address
. This address specifies the last of the contiguous addresses
in the IP address pool. Any new DHCP client joining the LAN will be assigned an IP
address between the Starting IP address and this IP address. The IP address 192.168.1.100
is the default ending address.
d.
Primary DNS Server
. (Optional) If an IP address is specified, the VPN firewall will
provide this address as the primary DNS server IP address. If no address is specified, the
VPN firewall will provide its own LAN IP address as the primary DNS server IP address.
e.
Secondary DNS Server
. (Optional) If an IP address is specified, the VPN firewall will
provide this address as the secondary DNS server IP address.
f.
Enter a
WINS Server
IP address. This box can specify the Windows NetBios Server IP if
one is present in your network. This field is optional.
g.
Enter a
Lease Time.
This specifies the duration for which IP addresses will be leased to
clients.
h.
To enable the DHCP server to provide LDAP server information, check the Enable LDAP
Information checkbox and fill in the fields accordingly.
i.
Check the
Enable DNS Proxy
radio box. This is optional—the default is enabled. If
enabled, the VPN firewall will provide a LAN IP Address for DNS address name
resolution.
Note:
The Starting and Ending DHCP addresses should be in the same “network”
as the LAN TCP/IP address of the router (the IP Address in
LAN TCP/IP
Setup
section).
Note:
If you change the LAN IP address of the firewall while connected through
the browser, you will be disconnected. You must then open a new
connection to the new IP address and log in again. For example, if you
change the default IP address 192.168.1.1 to 10.0.0.1, you must enter
in your browser to reconnect to the web management
interface.
Page 49 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
LAN Configuration
3-5
v1.0, March 2009
The feature is particularly useful in Auto Rollover mode. For example, if the DNS servers
for each connection are different, then a link failure may render the DNS servers
inaccessible. However, when the DNS proxy is enabled, then clients can make requests to
the router and the router, in turn, sends those requests to the DNS servers of the active
connection.
When enabled, the router will act as a proxy for all DNS requests and communicate
with the ISP’s DNS servers (as configured in the WAN settings page).
When disabled, all DHCP clients will receive the DNS IP addresses of the ISP.
5.
Click
Apply
to save your settings.
6.
Click
Reset
to discard any changes and revert to the previous configuration.
Configuring Multi Home LAN IPs
If you have computers using different IP networks in the LAN, (for example, 172.16.2.0, 10.0.0.0),
then you can add aliases to the LAN port and give computers on those networks access to the
Internet.
The Available Secondary LAN IPs table lists the secondary LAN IP addresses added to the router.
IP Address
: The IP address alias added to the LAN port of the router. This is the gateway for
computers that need to access the Internet.
Subnet Mask
: IPv4 Subnet Mask.
Note:
Once you have completed the LAN IP setup, all outbound traffic is allowed
and all inbound traffic is discarded. To change these traffic rules, refer to
Chapter 4, “Firewall Protection and Content Filtering
.
Figure 3-2
Page 50 / 240
ProSafe VPN Firewall 200 FVX538 Reference Manual
3-6
LAN Configuration
v1.0, March 2009
Action
: The Edit link allows you to make changes to the selected entry.
Select All
: Selects all the entries in the Available Secondary LAN IPs table.
Delete
: Deletes selected entries from the Available Secondary LAN IPs table.
To add a secondary LAN IP address:
1.
Type in the IP Address and the Subnet Mask in the respective text fields.
2.
Click
Add
. The Secondary LAN IP address will be added to the Secondary LAN IPs table.
Managing Groups and Hosts (LAN Groups)
The
Known PCs and Devices
table on the
Groups and Hosts
screen contains a list of all known
PCs and network devices, as well as hosts, that are assigned dynamic IP addresses by this router.
Collectively, these entries make up the Network Database. The Network Database is created in two
ways:
DHCP Client Requests
. By default, the DHCP server in this Router is enabled, and will
accept and respond to DHCP client requests from PCs and other network devices. These
requests also generate an entry in the Network Database. Because of this, leaving the DHCP
Server feature (on the LAN screen) enabled is strongly recommended.
Scanning the Network
. The local network is scanned using standard methods such as ARP.
This will detect active devices which are not DHCP clients. However, sometimes the name of
the PC or device cannot be accurately determined, and will be shown as Unknown.
Note:
Additional IP addresses cannot be configured in the DHCP server. The hosts on the
secondary subnets must be manually configured with the IP addresses, gateway IP
and DNS server IPs.
Warning:
Make sure the secondary IP addresses are different from the LAN, WAN,
DMZ, and any other subnet attached to this router.
For example:
WAN1 IP address: 10.0.0.1 with subnet 255.0.0.0
WAN2 IP address: 20.0.0.1 with subnet 255.0.0.0
DMZ IP address: 192.168.10.1 with subnet 255.255.255.0
LAN IP address: 192.168.1.1 with subnet 255.255.255.0
Secondary LAN IP: 192.168.20.1 with subnet 255.255.255.0

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top