1. Home
    2. /
  2. Manuals
    3. /
  3. NETGEAR
    4. /
  4. SRX5308
    5. /
  5. 24
Page 116 / 469 Scroll up to view Page 111 - 115
LAN Configuration
116
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Figure 64.
2.
Enter the settings as described in the following table:
Table 23.
DMZ Setup screen settings for IPv4
Setting
Description
DMZ Port Setup
Do you want to
enable DMZ Port?
Select one of the following radio buttons:
Yes
. Enables you to configure the DMZ port settings. Fill in the IP Address and
Subnet Mask fields.
No
. Allows you to disable the DMZ port after you have configured it.
IP Address
Enter the IP address of the DMZ port. Make sure that the DMZ
port IP address and LAN port IP address are in different
subnets (for example, an address outside the LAN DHCP
address pool, such as 192.168.1.101 when the LAN DHCP
pool is 192.168.1.2–192.168.1.100). The default IP address for
the DMZ port 176.16.2.1.
Subnet Mask
Enter the IP subnet mask of the DMZ port. The subnet mask
specifies the network number portion of an IP address. The
subnet mask for the DMZ port is 255.255.255.0.
Page 117 / 469
LAN Configuration
117
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
DHCP for DMZ Connected Computers
Disable DHCP Server
If another device on your network is the DHCP server for the VLAN, or if you intend
to manually configure the network settings of all of your computers, select the
Disable DHCP Server
radio button to disable the DHCP server. This is the default
setting.
Enable DHCP Server
Select the
Enable DHCP Server
radio button to enable the VPN firewall to function
as a Dynamic Host Configuration Protocol (DHCP) server, providing TCP/IP
configuration for all computers connected to the VLAN. Enter the following settings:
Domain Name
This setting is optional. Enter the domain name of the VPN
firewall.
Start IP Address
Enter the start IP address. This address specifies the first of
the contiguous addresses in the IP address pool. Any new
DHCP client joining the LAN is assigned an IP address
between this address and the end IP address. The default IP
address 176.16.2.100.
End IP Address
Enter the end IP address. This address specifies the last of the
contiguous addresses in the IP address pool. Any new DHCP
client joining the LAN is assigned an IP address between the
start IP address and this IP address. The default IP address
176.16.2.254.
Note:
The start and end DHCP IP addresses should be in the
same network as the LAN TCP/IP address of the VPN firewall
(that is, the IP address in the DMZ Port Setup section as
described earlier in this table).
Primary DNS
Server
This setting is optional. If an IP address is specified, the VPN
firewall provides this address as the primary DNS server IP
address. If no address is specified, the VPN firewall provides
its own LAN IP address as the primary DNS server IP address.
Secondary DNS
Server
This setting is optional. If an IP address is specified, the VPN
firewall provides this address as the secondary DNS server IP
address.
WINS Server
This setting is optional. Enter a WINS server IP address to
specify the Windows NetBIOS server, if one is present in your
network.
Lease Time
Enter a lease time. This specifies the duration for which IP
addresses are leased to clients.
DHCP Relay
To use the VPN firewall as a DHCP relay agent for a DHCP server somewhere else
in your network, select the
DHCP Relay
radio button. Enter the following setting:
Relay Gateway
The IP address of the DHCP server for which the VPN firewall
serves as a relay.
Table 23.
DMZ Setup screen settings for IPv4 (continued)
Setting
Description
Page 118 / 469
LAN Configuration
118
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
3.
Click
Apply
to save your settings.
DMZ Port for IPv6 Traffic
The DMZ Setup (IPv6) screen lets you set up the DMZ port for IPv6 traffic. You can enable or
disable the hardware DMZ port (LAN port 4; see
Front Panel
on page
17) for IPv6 traffic and
configure an IPv6 address and prefix length for the DMZ port.
The IPv6 clients in the DMZ can autoconfigure their own IPv6 address or obtain an IPv6
address through a DHCPv6 server.
Enable LDAP
information
To enable the DHCP server to provide Lightweight Directory Access Protocol
(LDAP) server information, select the
Enable LDAP information
check box. Enter
the following settings.
LDAP Server
The IP address or name of the LDAP server.
Search Base
The search objects that specify the location in the directory tree
from which the LDAP search begins. You can specify multiple
search objects, separated by commas. The search objects
include:
CN (for common name)
OU (for organizational unit)
O (for organization)
C (for country)
DC (for domain)
For example, to search the Netgear.net domain for all last
names of Johnson, you would enter:
cn=Johnson,dc=Netgear,dc=net
Port
The port number for the LDAP server. The default setting is 0
(zero).
DNS Proxy
Enable DNS Proxy
This setting is optional. To enable the VPN firewall to provide a LAN IP address for
DNS address name resolution, select the
Enable DNS Proxy
check box. This
check box is selected by default.
Note:
When the DNS Proxy option is disabled, all DHCP clients receive the DNS
IP addresses of the ISP but without the DNS proxy IP address.
Table 23.
DMZ Setup screen settings for IPv4 (continued)
Setting
Description
Page 119 / 469
LAN Configuration
119
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
For the DMZ, there are two DHCPv6 server options:
Stateless DHCPv6 server
. The IPv6 clients in the DMZ generate their own IP address by
using a combination of locally available information and router advertisements, but
receive DNS server information from the DHCPv6 server. For stateless DHCPv6, you
need to configure the RADVD and advertisement prefixes (see
Configure the IPv6 Router
Advertisement Daemon and Advertisement Prefixes for the DMZ
on page
122).
Stateful DHCPv6 server
. The IPv6 clients in the DMZ obtain an interface IP address,
configuration information such as DNS server information, and other parameters from the
DHCPv6 server. The IP address is a dynamic address. For stateful DHCPv6, you need to
configure IPv6 address pools (see
IPv6 DMZ Address Pools
on page
121).
To enable and configure the DMZ port for IPv6 traffic:
1.
Select
Network Configuration > DMZ Setup
.
2.
In the upper right of the screen, select the
IPv6
radio button. The DMZ Setup screen
displays the IPv6 settings:
Figure 65.
Page 120 / 469
LAN Configuration
120
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
3.
Enter the settings as described in the following table:
Table 24.
DMZ Setup screen settings for IPv6
Setting
Description
DMZ Port Setup
Do you want to
enable DMZ Port?
Select one of the following radio buttons:
Yes
. Enables you to configure the DMZ port settings. Fill in the IP Address and
Subnet Mask fields.
No
. Allows you to disable the DMZ port after you have configured it.
IPv6 Address
Enter the IP address of the DMZ port. Make sure that the DMZ
port IP address, LAN port IP address, and WAN port IP
address are in different subnets. The default IP address for the
DMZ port is 176::1.
Prefix Length
Enter the IPv6 prefix length, for example, 10 or 64. The default
prefix length for the DMZ port is 64.
DHCPv6 for DMZ Connected Computers
DHCP Status
Specify the status of the DHCPv6 server:
Disable DHCPv6 Server
. This is the default setting, and the DHCPv6 fields are
masked out.
Enable the DHCPv6 Server
. If you enable the server, you need to complete
the DHCPv6 fields.
DHCP Mode
Select one of the DHCPv6 modes from the drop-down list:
Stateless
. The IPv6 clients generate their own IP address
by using a combination of locally available information and
router advertisements, but receive DNS server information
from the DHCPv6 server. For stateless DHCPv6, you need
to configure the RADVD and advertisement prefixes (see
Configure the IPv6 Router Advertisement Daemon and
Advertisement Prefixes for the DMZ
on page
122).
Stateful
. The IPv6 clients obtain an interface IP address,
configuration information such as DNS server information,
and other parameters from the DHCPv6 server. The IP
address is a dynamic address. (see
IPv6 DMZ Address
Pools
on page
121).
Domain Name
Enter the domain name of the DHCP server.
Server Preference
Enter the DHCP server preference value. The possible values
are 0–255, with 255 as the default setting.
This is an optional setting that specifies the server’s preference
value in a server advertise message. The client selects the
server with the highest preference value as the preferred
server.

Rate

3.5 / 5 based on 2 votes.

Popular NETGEAR Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top