ProSafe VPN Firewall 200 FVX538 Reference Manual

3-12

LAN Configuration

v1.0, March 2009

6.

Click

Apply

to save your settings. The DMZ LED next to LAN port 8 (see

“Router Front and

Rear Panels” on page 1-6

) will light up indicating that the DMZ port has been enabled.

If another device on your DMZ network will be the DHCP server, or if you will manually

configure all devices, leave the Disable option (default) checked.

To define the DMZ WAN Rules and LAN DMZ Rules, see

“Setting DMZ WAN Rules” on

page 4-12

and

“Setting LAN DMZ Rules” on page 4-14

, respectively.

Static Routes

Static Routes provide additional routing information to your firewall. Under normal

circumstances, the firewall has adequate routing information after it has been configured for

Internet access, and you do not need to configure additional static routes. You should configure

static routes only for unusual cases such as multiple firewalls or multiple IP subnets located on

your network.

Configuring Static Routes

To add or edit a static route:

1.

Select

Network Configuration

from the main menu and

Routing

from the submenu. The

Routing

screen will display.

2.

Click

Add

. The

Add Static Route

menu, shown below, will display.

3.

Enter a route name for this static route in the

Route Name

field (for identification and

management).

ProSafe VPN Firewall 200 FVX538 Reference Manual

LAN Configuration

3-13

v1.0, March 2009

4.

Select Active to make this route effective.

5.

Select Private if you want to limit access to the LAN only. The static route will not be

advertised in RIP.

6.

Enter the Destination IP Address to the host or network to which the route leads.

7.

Enter the IP Subnet Mask for this destination. If the destination is a single host, enter

255.255.255.255.

8.

Enter the Interface which is the physical network interface (WAN1, WAN2, or LAN) through

which this route is accessible.

9.

Enter the Gateway IP Address through which the destination host or network can be reached

(must be a firewall on the same LAN segment as the firewall).

10.

Enter the Metric priority for this route. If multiple routes to the same destination exit, the route

with the lowest metric is chosen. (value must be between 1 and 15),

11.

Click

Reset

to discard any changes and revert to the previous settings.

12.

Click

Apply

to save your settings. The new static route will be added to Route table.

You can edit the route’s settings by clicking

Edit

in the Action column adjacent to the route.

Figure 3-5

ProSafe VPN Firewall 200 FVX538 Reference Manual

3-14

LAN Configuration

v1.0, March 2009

Routing Information Protocol (RIP)

RIP (Routing Information Protocol, RFC 2453) is an Interior Gateway Protocol (IGP) that is

commonly used in internal networks (LANs). It allows a router to exchange its routing information

automatically with other routers, and allows it to dynamically adjust its routing tables and adapt to

changes in the network. RIP is disabled by default.

To configure RIP parameters:

1.

Select

Network Configuration

from the main menu and

Routing

from the submenu. When

the

Routing

screen displays, click

RIP Configuration.

The

RIP Configuration

screen will

display.

2.

From the

RIP Direction

pull-down menu, select the direction in which the router will send

and receives RIP packets. The choices are:

•

None

– The router neither broadcasts its route table nor does it accept any RIP packets

from other routers. This effectively disables RIP.

•

Both

– The router broadcasts its routing table and also processes RIP information received

from other routers.

•

Out Only

– The router broadcasts its routing table periodically but does not accept RIP

information from other routers.

•

In Only

– The router accepts RIP information from other routers, but does not broadcast

its routing table.

ProSafe VPN Firewall 200 FVX538 Reference Manual

LAN Configuration

3-15

v1.0, March 2009

3.

From the

RIP Version

pull-down menu, select the version:

•

RIP-1

– A classful routing that does not include subnet information. This is the most

commonly supported version.

•

RIP-2 –

Supports subnet information. Both RIP-2B and RIP-2M send the routing data in

RIP-2 format:

•

RIP-2B

Sends the routing data in RIP-2 format and uses subnet broadcasting.

•

RIP-2M

Sends the routing data in RIP-2 format and uses multicasting.

4.

Authentication for RIP2B/2M required?

If you selected RIP-2B or RIP-2M, check the

YES

radio box to enable the feature, and input the

First Key Parameters

and

Second Key

Parameters

MD-5 keys to authenticate between routers.

5.

Click

Reset

to discard any changes and revert to the previous settings.

Figure 3-6

ProSafe VPN Firewall 200 FVX538 Reference Manual

3-16

LAN Configuration

v1.0, March 2009

6.

Click

Save

to save your settings.

Static Route Example

For example, you may require a static route if:

•

Your primary Internet access is through a cable modem to an ISP.

•

You have an ISDN firewall on your home network for connecting to the company where you

are employed. This firewall’s address on your LAN is 192.168.1.100.

•

Your company’s network is 134.177.0.0.

When you first configured your firewall, two implicit static routes were created. A default route

was created with your ISP as the gateway, and a second static route was created to your local

network for all 192.168.1.x addresses. With this configuration, if you attempt to access a device on

the 134.177.0.0 network, your firewall will forward your request to the ISP. The ISP forwards your

request to the company where you are employed, and the request will likely be denied by the

company’s firewall.

In this case you must define a static route, telling your firewall that 134.177.0.0 should be accessed

through the ISDN firewall at 192.168.1.100.

In this example:

•

The Destination IP Address and IP Subnet Mask fields specify that this static route applies to

all 134.177.x.x addresses.

•

The Gateway IP Address fields specifies that all traffic for these addresses should be

forwarded to the ISDN firewall at 192.168.1.100.

•

A Metric value of 1 will work since the ISDN firewall is on the LAN.

•

Private is selected only as a precautionary security measure in case RIP is activated.