LAN Configuration
121
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
Table 24. DMZ Setup screen settings for IPv6 (continued)
Setting: Description
DHCP Status (continued)
DNS Server: Select one of the DNS server options from the drop-down lists:
- Use DNS Proxy. The VPN firewall acts as a proxy for all DNS requests and communicates with the ISP’s DNS servers that you configured on the WAN IPv6 ISP Settings screen (see Configure a Static IPv6 Internet Connection on page 58).
- Use DNS from ISP. The VPN firewall uses the ISP’s DNS servers that you configured on the WAN ISP IPv6 Settings screen (see Configure a Static IPv6 Internet Connection on page 58).
- Use below. When you select this option, the DNS server fields become available for you to enter IP addresses.
  Primary DNS Server: Enter the IP address of the primary DNS server for the DMZ.
  Secondary DNS Server: Enter the IP address of the secondary DNS server for the DMZ.
Lease/Rebind Time: Enter the period after which the DHCP lease is renewed with the original DHCP server or rebound with another DHCP server to extend the existing DHCP lease. The default period is 86400 seconds (24 hours).

4. Click Apply to save your settings.

IPv6 DMZ Address Pools
If you configure a stateful DHCPv6 server for the DMZ, you need to add local DHCP IPv6 address pools so the DHCPv6 server can control the allocation of IPv6 addresses in the DMZ.
To add an IPv6 DMZ address pool:
1. On the DMZ Setup screen for IPv6 (see Figure 65 on page 119), under the List of IPv6 Address Pools table, click Add. The DMZ IPv6 Config screen displays:
Figure 66.
2. Enter the settings as described in the following table:

Table 25. DMZ IPv6 Config screen settings
Setting: Description
Start IPv6 Address: Enter the start IP address. This address specifies the first of the contiguous addresses in the IP address pool. Any new DHCPv6 client joining the DMZ is assigned an IP address between this address and the end IP address.
End IPv6 Address: Enter the end IP address. This address specifies the last of the contiguous addresses in the IP address pool. Any new DHCPv6 client joining the DMZ is assigned an IP address between the start IP address and this IP address.
Prefix Length: Enter the IPv6 prefix length, for example, 10 or 64.

3. Click Apply to save your changes and add the new IPv6 address pool to the List of IPv6 Address Pools table on the DMZ Setup (IPv6) screen.
To edit an IPv6 DMZ address pool:
1. On the DMZ Setup screen for IPv6 (see Figure 65 on page 119), click the Edit button in the Action column for the address pool that you want to modify. The DMZ IPv6 Config screen displays.
2. Modify the settings as described in the previous table.
3. Click Apply to save your settings.
To delete one or more IPv6 DMZ address pools:
1. On the DMZ Setup screen for IPv6 (see Figure 65 on page 119), select the check box to the left of each address pool that you want to delete, or click the Select All table button to select all address pools.
2. Click the Delete table button.

Configure the IPv6 Router Advertisement Daemon and Advertisement Prefixes for the DMZ
Note: If you do not configure stateful DHCPv6 for the DMZ but use stateless DHCPv6, you need to configure the Router Advertisement Daemon (RADVD) and advertisement prefixes.
The RADVD is an application that uses the Neighbor Discovery Protocol (NDP) to collect link-local advertisements of IPv6 addresses and IPv6 prefixes in the DMZ. The RADVD then distributes this information in the DMZ, which allows IPv6 clients to configure their own IPv6 address.
Hosts and routers in the LAN use NDP to determine the link-layer addresses and related information of neighbors in the LAN that can forward packets on their behalf. The VPN firewall periodically distributes router advertisements (RAs) throughout the DMZ to provide such information to the hosts and routers in the DMZ. RAs include IPv6 addresses, types of prefixes, prefix addresses, prefix lifetimes, the maximum transmission unit (MTU), and so on.
In addition to configuring the RADVD, you also need to configure the prefixes that are advertised in the DMZ RAs.
The following table provides an overview of how information is obtained in the DMZ when you have configured a stateless DHCPv6 server and the RADVD:

Table 26. DHCPv6 and RADVD interaction in the DMZ
Flags in the RADVD | DHCPv6 Server Provides | RADVD Provides
Managed RA flag is set | IP address assignment; DNS server and other configuration information | IP address assignment; Prefix; Prefix length; Gateway address
Other RA flag is set | DNS server and other configuration information | IP address assignment; Prefix; Prefix length; Gateway address

When the Managed flag is set in the RADVD, the DHCPv6 server can assign IP addresses, and the RADVD also assigns IP addresses in the sense that it provides information that allows IPv6 clients to configure their own IPv6 address.
When the Other flag is set, the DHCPv6 server does not assign IP addresses but provides DNS server and other configuration information only.
To configure the Router Advertisement Daemon for the DMZ:
1. Select Network Configuration > DMZ Setup.
2. In the upper right of the screen, select the IPv6 radio button. The DMZ Setup screen displays the IPv6 settings (see Figure 65 on page 119).
3. Click the RADVD option arrow to the right of the DMZ Setup tab. The RADVD screen for the DMZ displays. (The following figure contains some examples.)
Figure 67.
4. Enter the settings as described in the following table:

Table 27. RADVD screen settings for the DMZ
Setting: Description
RADVD Status: Specify the RADVD status by making a selection from the drop-down list:
- Enable. The RADVD is enabled, and the RADVD fields become available for you to configure.
- Disable. The RADVD is disabled, and the RADVD fields are masked out. This is the default setting.
Advertise Mode: Specify the advertisement mode by making a selection from the drop-down list:
- Unsolicited Multicast. The VPN firewall advertises unsolicited multicast packets at a rate that is specified by the advertisement interval.
- Unicast only. The VPN firewall responds to unicast packet requests only. No unsolicited packets are advertised. Select this option for nonbroadcast multiple access (NBMA) links such as ISATAP.
Advertise Interval: Enter the advertisement interval of unsolicited multicast packets in seconds. The minimum value is 10 seconds; the maximum value is 1800 seconds.
Table 27. RADVD screen settings for the DMZ (continued)
Setting: Description
RA Flags: Specify what type of information the DHCPv6 server provides in the DMZ by making a selection from the drop-down list:
- Managed. The DHCPv6 server is used for autoconfiguration of the IP address.
- Other. The DHCPv6 server is not used for autoconfiguration of the IP address, but other configuration information such as DNS information is available through the DHCPv6 server.
  Note: Irrespective of the RA flag settings, the RADVD provides information about the prefix, prefix length, and gateway addresses and is also used for autoconfiguration of the IP address.
Router Preference: Specify the VPN firewall’s preference in relation to other hosts and routers in the DMZ by making a selection from the drop-down list:
- Low. The VPN firewall is treated as a nonpreferred router in the DMZ.
- Medium. The VPN firewall is treated as a neutral router in the DMZ.
- High. The VPN firewall is treated as a preferred router in the DMZ.
MTU: The maximum transmission unit (MTU) size for a packet in one transmission over a link. The default setting is 1500.
Router Lifetime: The router lifetime specifies how long the default route that was created as a result of the router advertisement should remain valid. Enter the router lifetime in seconds. This is the period that the advertised prefixes are valid for route determination. The default period is 3600 seconds (one hour). The minimum value is 30 seconds; the maximum value is 9000 seconds.

5. Click Apply to save your changes.

Advertisement Prefixes for the DMZ
You need to configure the prefixes that are advertised in the DMZ RAs. For a 6to4 address, you need to specify only the site level aggregation identifier (SLA ID) and the prefix lifetime. For a global, local, or ISATAP address, you need to specify the prefix, prefix length, and prefix lifetime.
To add an advertisement prefix for the DMZ:
1. On the RADVD screen for the DMZ, under the List of Prefixes to Advertise table, click Add. The Add Advertisement Prefix screen displays:
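
The RADVD settings and advertisement prefixes described in this section end up as fields in the router advertisements sent in the DMZ, so a captured RA can be decoded and compared with what was entered to spot a misconfiguration or an RA from an unexpected router. The following is an added example, not part of the NETGEAR manual or the firewall's software; it assumes the RA layout of RFC 4861 and the preference bits of RFC 4191, and the names parse_ra, check_ra, SAMPLE_RA, and EXPECTED, along with all sample values, are constructed for illustration.

```python
import ipaddress
import struct

PREFERENCE = {0: "Medium", 1: "High", 3: "Low"}  # RFC 4191 Prf bits (2 is reserved)

def parse_ra(msg: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (RFC 4861), starting at the ICMPv6 type byte."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    flags, lifetime = struct.unpack("!BH", msg[5:8])
    ra = {"managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "preference": PREFERENCE.get((flags >> 3) & 3, "Reserved"),
          "router_lifetime": lifetime, "mtu": None, "prefixes": []}
    pos = 16
    while pos < len(msg):
        if pos + 2 > len(msg):
            raise ValueError("truncated option header")
        opt_type, opt_len = msg[pos], msg[pos + 1] * 8  # length field counts 8-byte units
        if opt_len == 0 or pos + opt_len > len(msg):
            raise ValueError("malformed option")
        body = msg[pos:pos + opt_len]
        if opt_type == 5 and opt_len == 8:       # MTU option
            ra["mtu"] = struct.unpack("!I", body[4:8])[0]
        elif opt_type == 3 and opt_len == 32:    # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[2:12])
            net = ipaddress.IPv6Network((body[16:32], plen), strict=False)
            ra["prefixes"].append({"prefix": str(net), "autonomous": bool(pflags & 0x40),
                                   "valid_lifetime": valid, "preferred_lifetime": preferred})
        pos += opt_len
    return ra

def check_ra(ra: dict, expected: dict) -> list:
    """Return the differences between a decoded RA and the settings entered on the RADVD screen."""
    findings = [f"{k}: expected {expected[k]!r}, got {ra[k]!r}"
                for k in ("managed", "other", "preference", "mtu", "router_lifetime")
                if ra[k] != expected[k]]
    findings += [f"unexpected prefix {p['prefix']}" for p in ra["prefixes"]
                 if p["prefix"] not in expected["prefixes"]]
    return findings

# Constructed sample RA: Other flag set, High preference, router lifetime 3600 s,
# MTU 1500, one prefix 2001:db8:0:1::/64 (documentation address range).
SAMPLE_RA = (bytes([134, 0, 0, 0, 64, 0x48]) + struct.pack("!HII", 3600, 0, 0)
             + struct.pack("!BBHI", 5, 1, 0, 1500)
             + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0)
             + ipaddress.IPv6Address("2001:db8:0:1::").packed)
# Settings assumed to have been entered on the RADVD screen (hypothetical values).
EXPECTED = {"managed": False, "other": True, "preference": "High", "mtu": 1500,
            "router_lifetime": 3600, "prefixes": {"2001:db8:0:1::/64"}}
```

An empty list from check_ra(parse_ra(SAMPLE_RA), EXPECTED) means the advertisement matches the entered settings; each string in a non-empty list names one field that differs.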
