LAN Configuration
111
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Table 21. RADVD screen settings for the LAN (continued)

Setting
    Description

RA Flags
    Specify what type of information the DHCPv6 server provides in the LAN by making a selection from the drop-down list:
    • Managed. The DHCPv6 server is used for autoconfiguration of the IP address.
    • Other. The DHCPv6 server is not used for autoconfiguration of the IP address, but other configuration information such as DNS information is available through the DHCPv6 server.
    Note: Irrespective of the RA flag settings, the RADVD provides information about the prefix, prefix length, and gateway addresses and is also used for autoconfiguration of the IP address.

Router Preference
    Specify the VPN firewall’s preference in relation to other hosts and routers in the LAN by making a selection from the drop-down list:
    • Low. The VPN firewall is treated as a nonpreferred router in the LAN.
    • Medium. The VPN firewall is treated as a neutral router in the LAN.
    • High. The VPN firewall is treated as a preferred router in the LAN.

MTU
    The maximum transmission unit (MTU) size for a packet in one transmission over a link. The default setting is 1500.

Router Lifetime
    The router lifetime specifies how long the default route that was created as a result of the router advertisement should remain valid.
    Enter the router lifetime in seconds. This is the period that the advertised prefixes are valid for route determination. The default period is 3600 seconds (one hour). The minimum value is 30 seconds; the maximum value is 9000 seconds.

5. Click Apply to save your changes.

Advertisement Prefixes for the LAN

You need to configure the prefixes that are advertised in the LAN RAs. For a 6to4 address, you need to specify only the site level aggregation identifier (SLA ID) and the prefix lifetime. For a global, local, or ISATAP address, you need to specify the prefix, prefix length, and prefix lifetime.

To add an advertisement prefix for the LAN:

1. On the RADVD screen for the LAN, under the List of Prefixes to Advertise table, click Add. The Add Advertise Prefixes screen displays:
Figure 62.

2. Enter the settings as described in the following table:

Table 22. Add Advertise Prefixes screen settings for the LAN

Setting
    Description

IPv6 Prefix Type
    Specify the IPv6 prefix type by making a selection from the drop-down list:
    • 6to4. The prefix is for a 6to4 address. You need to select a WAN interface from the 6to4Interface drop-down list, and complete the SLA ID field and Prefix Lifetime field. The other fields are masked out.
    • Global/Local/ISATAP. The prefix is for a global, local, or ISATAP address. This needs to be a global prefix or a site-local prefix; it cannot be a link-local prefix. You need to complete the IPv6 Prefix field, IPv6 Prefix Length field, and Prefix Lifetime field. The 6to4Interface drop-down list and SLA ID field are masked out.

6to4Interface
    Select a WAN interface from the drop-down list.

SLA ID
    Enter the site level aggregation identifier (SLA ID) for the 6to4 address prefix that should be included in the advertisement.

IPv6 Prefix
    Enter the IPv6 prefix for the VPN firewall’s LAN that should be included in the advertisement.

IPv6 Prefix Length
    Enter the IPv6 prefix length (typically 64) that should be included in the advertisement.

Prefix Lifetime
    The prefix lifetime specifies how long the IP address that was created as a result of the router advertisement should remain valid.
    Enter the prefix lifetime in seconds that should be included in the advertisement. The minimum period is 0 seconds; the maximum period is 65536 seconds.

3. Click Apply to save your changes and add the new IPv6 address pool to the List of Prefixes to Advertise table on the RADVD screen for the LAN.

To edit an advertisement prefix:

1. On the RADVD screen for the LAN (see Figure 61 on page 110), click the Edit button in the Action column for the advertisement prefix that you want to modify. The Add Advertisement Prefix screen displays.

2. Modify the settings as described in the previous table.
3. Click Apply to save your settings.
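
The prefix rules in Table 22, as an added example that is not NETGEAR code: it checks one prefix entry and shows why a 6to4 entry needs only an SLA ID, because the rest of the prefix comes from the WAN IPv4 address. The 2002:<IPv4>:<SLA ID>::/64 layout and the 16-bit SLA ID range follow RFC 3056 and are assumed to be what the firewall advertises; the function names, the dictionary keys and the sample address 192.0.2.1 are hypothetical.

```python
import ipaddress

def sixto4_prefix(wan_ipv4: str, sla_id: int) -> ipaddress.IPv6Network:
    """Build 2002:<WAN IPv4>:<SLA ID>::/64 (6to4 layout from RFC 3056)."""
    if not 0 <= sla_id <= 0xFFFF:
        raise ValueError("SLA ID must fit in 16 bits")
    v4 = int(ipaddress.IPv4Address(wan_ipv4))
    # 16-bit 2002 tag, 32-bit IPv4 address, 16-bit SLA ID, 64-bit interface ID
    value = (0x2002 << 112) | (v4 << 80) | (sla_id << 64)
    return ipaddress.IPv6Network((value, 64))

def advertised_prefix(entry: dict) -> ipaddress.IPv6Network:
    """Validate one prefix entry (hypothetical keys) and return the prefix."""
    # Prefix Lifetime range stated in Table 22
    if not 0 <= entry["lifetime"] <= 65536:
        raise ValueError("prefix lifetime must be 0-65536 seconds")
    if entry["type"] == "6to4":
        return sixto4_prefix(entry["wan_ipv4"], entry["sla_id"])
    # Global/Local/ISATAP: prefix and prefix length are entered directly
    net = ipaddress.IPv6Network((entry["prefix"], entry["length"]), strict=False)
    if net.is_link_local:
        raise ValueError("a link-local prefix cannot be advertised")
    return net

if __name__ == "__main__":
    # Constructed sample entries
    print(advertised_prefix({"type": "6to4", "wan_ipv4": "192.0.2.1",
                             "sla_id": 1, "lifetime": 3600}))
    print(advertised_prefix({"type": "global", "prefix": "fec0::",
                             "length": 64, "lifetime": 3600}))
```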
To delete one or more advertisement prefixes:

1. On the RADVD screen for the LAN (see Figure 61 on page 110), select the check box to the left of each advertisement prefix that you want to delete, or click the Select All table button to select all advertisement prefixes.

2. Click the Delete table button.
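
To confirm that the advertisement seen on the LAN carries the values configured on the RADVD and Add Advertise Prefixes screens, the ICMPv6 Router Advertisement can be decoded and compared field by field. The following is an added example, not NETGEAR code: the field layout follows RFC 4861 and RFC 4191, the function names are hypothetical, and the sample packet is constructed (its checksum is left at 0 and is not verified).

```python
import ipaddress
import struct

# Prf bits from RFC 4191; the page's Low/Medium/High map onto these values.
PREFERENCE = {0b00: "Medium", 0b01: "High", 0b10: "Reserved", 0b11: "Low"}

def parse_ra(icmp: bytes) -> dict:
    """Decode the RA fields that correspond to the RADVD screen settings."""
    if len(icmp) < 16 or icmp[0] != 134:          # ICMPv6 type 134 = RA
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack_from("!BH", icmp, 5)
    ra = {"managed": bool(flags & 0x80),          # M flag ("Managed")
          "other": bool(flags & 0x40),            # O flag ("Other")
          "preference": PREFERENCE[(flags >> 3) & 0b11],
          "router_lifetime": lifetime, "mtu": None, "prefixes": []}
    off = 16                                      # options follow the fixed header
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8   # length in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed option")
        body = icmp[off:off + opt_len]
        if opt_type == 5 and opt_len == 8:        # MTU option
            ra["mtu"] = struct.unpack_from("!I", body, 4)[0]
        elif opt_type == 3 and opt_len == 32:     # Prefix Information option
            valid = struct.unpack_from("!I", body, 4)[0]
            net = ipaddress.IPv6Network((body[16:32], body[2]), strict=False)
            ra["prefixes"].append((str(net), valid))
        off += opt_len
    return ra

def audit_ra(ra: dict, expected: dict) -> list:
    """Names of settings whose advertised value differs from the configured one."""
    return sorted(k for k, v in expected.items() if ra.get(k) != v)

def build_sample_ra() -> bytes:
    """Constructed sample: Other flag, High preference, lifetime 3600, MTU 1500."""
    flags = 0x40 | (0b01 << 3)
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 3600, 0, 0)
    mtu = struct.pack("!BBHI", 5, 1, 0, 1500)
    prefix = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 7200, 3600, 0)
    return header + mtu + prefix + ipaddress.IPv6Address("2001:db8:1::").packed

if __name__ == "__main__":
    ra = parse_ra(build_sample_ra())
    print(ra)
    print(audit_ra(ra, {"managed": True, "router_lifetime": 3600}))
```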
Configure IPv6 Multihome LAN IP Addresses on the Default VLAN
If you have computers using different IPv6 networks in the LAN (for example, fec0::2 or
fec0::1000:10), you can add aliases to the LAN ports and give computers on those networks
access to the Internet, but you can do so only for the default VLAN. The IP address that is
assigned as a secondary IP address needs to be unique and cannot be assigned to a VLAN.
Make sure that any secondary LAN addresses are different from the primary LAN, WAN, and
DMZ IP addresses and subnet addresses that are already configured on the VPN firewall.
The following is an example of correctly configured IPv6 addresses:
• WAN IP address. 2000::e246:9aff:fe1d:1a9c with a prefix length of 64
• DMZ IP address. 176::e246:9aff:fe1d:a1bc with a prefix length of 64
• Primary LAN IP address. fec0::1 with a prefix length of 10
• Secondary LAN IP address. 2001:db8:3000::2192 with a prefix length of 10
To add a secondary LAN IPv6 address:

1. Select Network Configuration > LAN Settings > LAN Multi-homing.

2. In the upper right of the screen, select the IPv6 radio button. The LAN Multi-homing screen displays the IPv6 settings. (The following figure contains one example.)

Figure 63.

The Available Secondary LAN IPs table displays the secondary LAN IP addresses added to the VPN firewall.
3. In the Add Secondary LAN IP Address section of the screen, enter the following settings:
   • IPv6 Address. Enter the secondary address that you want to assign to the LAN ports.
   • Prefix Length. Enter the prefix length for the secondary IP address.

4. Click the Add table button in the rightmost column to add the secondary IP address to the Available Secondary LAN IPs table.

Repeat Step 2 and Step 3 for each secondary IP address that you want to add to the Available Secondary LAN IPs table.

Note: Secondary IP addresses cannot be configured in the DHCP server. The hosts on the secondary subnets need to be manually configured with the IP addresses, gateway IP address, and DNS server IP addresses.

To edit a secondary LAN IP address:

1. On the LAN Multi-homing screen for IPv6 (see the previous figure), click the Edit button in the Action column for the secondary IP address that you want to modify. The Edit LAN Multi-homing screen displays.

2. Modify the IP address or prefix length, or both.

3. Click Apply to save your settings.

To delete one or more secondary LAN IP addresses:

1. On the LAN Multi-homing screen for IPv6 (see the previous figure), select the check box to the left of each secondary IP address that you want to delete, or click the Select All table button to select secondary IP addresses.

2. Click the Delete table button.
Enable and Configure the DMZ Port for IPv4 and IPv6 Traffic

• DMZ Port for IPv4 Traffic
• DMZ Port for IPv6 Traffic
• Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the DMZ
The demilitarized zone (DMZ) is a network that, by default, has fewer firewall restrictions than
the LAN. The DMZ can be used to host servers (such as a web server, FTP server, or email
server) and provide public access to them. The rightmost LAN port on the VPN firewall can
be dedicated as a hardware DMZ port to safely provide services to the Internet without
compromising security on your LAN.
By default, the DMZ port and both inbound and outbound DMZ traffic are disabled. Enabling
the DMZ port and allowing traffic to and from the DMZ increases the traffic through the WAN
ports.
Using a DMZ port is also helpful with online games and videoconferencing applications that
are incompatible with NAT. The VPN firewall is programmed to recognize some of these
applications and to work correctly with them, but there are other applications that might not
function well. In some cases, local computers can run the application correctly if those
computers are used on the DMZ port.
Note: A separate firewall security profile is provided for the DMZ port that is also physically independent of the standard firewall security component that is used for the LAN.

Note: For information about how to define the DMZ WAN rules and LAN DMZ rules, see Configure DMZ WAN Rules on page 152 and Configure LAN DMZ Rules on page 158, respectively.

Note: When you enable the DMZ port for IPv4 traffic, IPv6 traffic, or both, the DMZ LED next to LAN port 4 (see Front Panel on page 17) lights green to indicate that the DMZ port is enabled.
DMZ Port for IPv4 Traffic
The DMZ Setup (IPv4) screen lets you set up the DMZ port for IPv4 traffic. You can enable or disable the hardware DMZ port (LAN port 4; see Front Panel on page 17) and configure an IPv4 address and subnet mask for the DMZ port.

To enable and configure the DMZ port for IPv4 traffic:

1. Select Network Configuration > DMZ Setup. In the upper right of the screen, the IPv4 radio button is selected by default. The DMZ Setup screen displays the IPv4 settings:
