26

2

2.

IPv4 and IPv6 Internet and WAN

Settings

This chapter explains how to configure the IPv4 and IPv6 Internet and WAN settings. The

chapter contains the following sections:

•

Internet and WAN Configuration Tasks

•

Configure the IPv4 Internet Connection and WAN Settings

•

Configure the IPv6 Internet Connection and WAN Settings

•

Configure Advanced WAN Options and Other Tasks

•

Configure WAN QoS Profiles

•

Additional WAN-Related Configuration Tasks

•

What to Do Next

IPv4 and IPv6 Internet and WAN Settings

27

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Internet and WAN Configuration Tasks

•

Roadmap to Setting Up IPv4 Internet Connections to Your ISPs

•

Roadmap to Setting Up IPv6 Internet Connections to Your ISPs

Typically, the VPN firewall is installed as a network gateway to function as a combined LAN

switch and firewall to protect the network from incoming threats and provide secure

connections. To complement the firewall protection, NETGEAR advises that you use a

gateway security appliance such as a NETGEAR ProSecure STM appliance.

The tasks that are required to complete the Internet connection of your VPN firewall depend

on whether you use an IPv4 connection, an IPv6 connection, or both to your Internet service

provider (ISP).

Note:

The VPN firewall supports simultaneous IPv4 and IPv6 connections.

Roadmap to Setting Up IPv4 Internet Connections to Your

ISPs

Setting up IPv4 Internet connections to your ISP or ISPs includes seven tasks, five of which

are optional.



Complete these tasks:

1.

Configure the IPv4 routing mode

. Select either NAT or classical routing.

This task is described in

Configure the IPv4 WAN Mode

on page

29.

2.

Configure the IPv4 Internet connections to your ISPs

. Connect to one or more ISPs by

configuring up to four WAN interfaces.

You have two configuration options. These tasks are described in the following sections:

•

Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection

on page

31

•

Manually Configure an IPv4 Internet Connection

on page

34

3.

(Optional) Configure either load balancing or auto-rollover

. By default, the WAN

interfaces are configured for primary (single) WAN mode. You can select load balancing

or auto-rollover and a failure detection method. If you configure load balancing, you can also

configure protocol binding.

This task is described in

Configure Load Balancing or Auto-Rollover for IPv4 Interfaces

on page

40.

4.

(Optional) Configure secondary WAN addresses on the WAN interfaces

. Configure

aliases for each WAN interface.

This task is described in

Configure Secondary WAN Addresses

on page

47.

IPv4 and IPv6 Internet and WAN Settings

28

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

5.

(Optional) Configure Dynamic DNS on the WAN interfaces

. If necessary, configure your

fully qualified domain names.

This task is described in

Configure Dynamic DNS

on page

49.

6.

(Optional) Configure the WAN options

. If necessary, change the factory default MTU size,

port speed, and MAC address of the VPN firewall. These are advanced features, and you

usually do not need to change the settings.

This task is described in

Configure Advanced WAN Options and Other Tasks

on page

71.

7.

(Optional) Configure the WAN traffic meters

.

This task is described in

Configure and Enable the WAN Traffic Meter

on page

356.

Roadmap to Setting Up IPv6 Internet Connections to Your

ISPs

Setting up IPv6 Internet connections to your ISP or ISPs includes six tasks, four of which are

optional.



Complete these tasks:

1.

Configure the IPv6 routing mode

. Configure the VPN firewall to support both devices

with IPv4 addresses and devices with IPv6 addresses.

This task is described in

Configure the IPv6 Routing Mode

on page

53.

2.

Configure the IPv6 Internet connections to your ISPs

. Connect to an ISP by configuring

a WAN interface.

You have three configuration options. These tasks are described in the following sections:

•

Use a DHCPv6 Server to Configure an IPv6 Internet Connection

on page

55

•

Configure a Static IPv6 Internet Connection

on page

58

•

Configure a PPPoE IPv6 Internet Connection

on page

61

3.

(Optional) Configure the IPv6 tunnels

. Enable 6to4 tunnels and configure ISATAP tunnels.

These tasks are described in the following sections:

•

Configure 6to4 Automatic Tunneling

on page

64

•

Configure ISATAP Automatic Tunneling

on page

65

4.

(Optional) Configure Stateless IP/ICMP Translation (SIIT)

. Enable IPv6 devices that do

not have permanently assigned IPv4 addresses to communicate with IPv4-only devices.

This task is described in

Configure Stateless IP/ICMP Translation

on page

67.

5.

(Optional) Configure auto-rollover

. By default, the WAN interfaces are configured for

primary (single) WAN mode. You can enable auto-rollover and configure the failure detection

settings.

These tasks are described in

Configure Auto-Rollover for IPv6 Interfaces

on page

68.

IPv4 and IPv6 Internet and WAN Settings

29

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

6.

(Optional) Configure the WAN options

. If necessary, change the factory default MTU size,

port speed, and MAC address of the VPN firewall. These are advanced features, and you

usually do not need to change the settings.

These tasks are described in

Configure Advanced WAN Options and Other Tasks

on

page

71.

Configure the IPv4 Internet Connection and WAN

Settings

•

Configure the IPv4 WAN Mode

•

Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection

•

Manually Configure an IPv4 Internet Connection

•

Configure Load Balancing or Auto-Rollover for IPv4 Interfaces

•

Configure Secondary WAN Addresses

•

Configure Dynamic DNS

To set up your VPN firewall for secure IPv4 Internet connections, you need to determine the

IPv4 WAN mode (see the next section) and then configure the IPv4 Internet connection to

your ISP on the WAN port. The web management interface offers two connection

configuration options, described in the following sections:

•

Let the VPN Firewall Automatically Detect and Configure an IPv4 Internet Connection

on

page

31

•

Manually Configure an IPv4 Internet Connection

on page

34

Configure the IPv4 WAN Mode

By default, IPv4 is supported and functions in NAT mode but can also function in classical

routing mode. IPv4 functions the same way in IPv4-only mode that it does in IPv4 / IPv6

mode. The latter mode adds IPv6 functionality (see

Configure the IPv6 Routing Mode

on

page

53).

Network Address Translation

Network Address Translation (NAT) allows all computers on your LAN to share a single public

Internet IP address. From the Internet, there is only a single device (the VPN firewall) and a

single IP address. Computers on your LAN can use any private IP address range, and these

IP addresses are not visible from the Internet.

Note the following about NAT:

•

The VPN firewall uses NAT to select the correct computer (on your LAN) to receive any

incoming data.

•

If you have only a single public Internet IP address, you need to use NAT (the default

setting).

IPv4 and IPv6 Internet and WAN Settings

30

ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

•

If your ISP has provided you with multiple public IP addresses, you can use one address

as the primary shared address for Internet access by your computers, and you can map

incoming traffic on the other public IP addresses to specific computers on your LAN. This

one-to-one inbound mapping is configured using an inbound firewall rule.

Classical Routing

In classical routing mode, the VPN firewall performs routing, but without NAT. To gain Internet

access, each computer on your LAN needs to have a valid static Internet IP address.

If your ISP has allocated a number of static IP addresses to you, and you have assigned one

of these addresses to each computer, you can choose classical routing. Or you can use

classical routing for routing private IP addresses within a campus environment.

To view the status of the WAN ports, you can view the Router Status screen (see

View the

System Status

on page

369).

Configure the IPv4 Routing Mode



To configure the IPv4 routing mode:

1.

Select

Network Configuration > WAN Settings > WAN Mode

.

The WAN Mode screen

displays:

Figure 10.

2.

In the NAT (Network Address Translation) section of the screen, select the

NAT

radio button

or the

Classical Routing

radio button.

WARNING:

Changing the WAN mode causes all LAN WAN and DMZ WAN

inbound rules to revert to default settings.