ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

2-10

Connecting to the Internet (WAN)

v1.0, October 2008

Configuring the WAN Mode

To access the WAN Mode, click on

Network Configuration > WAN Settings

and select the

WAN Mode tab.

The WAN mode page allows you to configure how your firewall uses the external Internet

connection. This screen gives you two choices for accessing the external Internet connection.

•

Network Address Translation (NAT)

. This technique allows several computers on a

LAN to share the same Internet connection (IP address) while using private IP address on

the LAN, which are hidden from the Internet.

•

Classical Routing

. This method allows the firewall to perform the routing, but requires

separate valid static Internet IP address for each PC on your LAN.

Network Address Translation

Network Address Translation (NAT) allows all PCs on your LAN to share a single public Internet

IP address. From the Internet, there is only a single device (the firewall) and a single IP address.

PCs on your LAN can use any private IP address range, and these IP addresses are not visible from

the Internet.

•

The firewall uses NAT to select the correct PC (on your LAN) to receive any incoming data.

•

If you only have a single public Internet IP address, you MUST use NAT. (the default setting).

•

If your ISP has provided you with multiple public IP addresses, you can use one address as the

primary shared address for Internet access by your PCs, and you can map incoming traffic on

the other public IP addresses to specific PCs on your LAN. This one-to-one inbound mapping

is configured using an inbound firewall rule.

Classical Routing

In classical routing mode, the firewall performs routing, but without NAT. To gain Internet access,

each PC on your LAN must have a valid static Internet IP address.

If your ISP has allocated a number of static IP addresses to you, and you have assigned one of

these addresses to each PC, you can choose classical routing. Or, you can use classical routing for

routing private IP addresses within a campus environment.

To learn the status of the WAN port, you can view the Router Status page (see

“Monitoring VPN

Tunnel Connection Status” on page 11-13

) or look at the LEDs on the front panel (see

“Front Panel

Features” on page 1-6

).

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

Connecting to the Internet (WAN)

2-11

v1.0, October 2008

Configuring Dynamic DNS

Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses

to be located using Internet domain names. To use DDNS, you must setup an account with a

DDNS provider such. Links to DynDNS, TZO and Oray are provided for your convenience as

Tabbed menus in the

Dynamic DNS

configuration screen. The firewall firmware includes

software that notifies dynamic DNS servers of changes in the WAN IP address, so that the services

running on this network can be accessed by others on the Internet.

If your network has a permanently assigned IP address, you can register a domain name and have

that name linked with your IP address by public Domain Name Servers (DNS). However, if your

Internet account uses a dynamically assigned IP address, you will not know in advance what your

IP address will be, and the address can change frequently—hence, the need for a commercial

DDNS service, which allows you to register an extension to its domain, and restores DNS requests

for the resulting FQDN to your frequently-changing IP address.

After you have configured your account information in the firewall, whenever your ISP-assigned

IP address changes, your firewall will automatically contact your DDNS service provider, log in to

your account, and register your new IP address.

•

For auto-rollover mode, you will need a fully qualified domain name (FQDN) to implement

features such as exposed hosts and virtual private networks regardless of whether you have a

fixed or dynamic IP address.

•

For load balancing mode, you may still need a fully qualified domain name (FQDN) either for

convenience or if you have a dynamic IP address.

Note:

Dynamic DNS enables you to employ some VPN configurations that require using

an FQDN instead of the WAN IP address.

Note:

If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the

dynamic DNS service will not work because private addresses will not be routed

on the Internet.

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

2-12

Connecting to the Internet (WAN)

v1.0, October 2008

To configure Dynamic DNS:

1.

Select

Network Configuration > Dynamic DNS

from the main/submenu.

The

Current WAN Mode

section reports the currently configured WAN mode. Only those

options that match the configured WAN Mode will be accessible.

2.

Select the Dynamic DNS Service you will use.

The fields corresponding to the selection you have chosen will be activated. Each DDNS

service provider requires its own parameters.

3.

Access the Web site of one of the DDNS service providers and set up an account. Links to

three DDNS providers are in the tab header.

4.

After registering for your account, return to the

Dynamic DNS

menu and fill in the required

fields for the DDNS service you selected:

a.

In the Host and Domain Name field, enter the entire FQDN name that your dynamic DNS

service provider gave you (for example: <

yourname>

.dyndns.org).

b.

Enter the User Name, User email Address, or Account Name requested by the DDNS

Service to identify you when logging into your DDNS account.

c.

Enter the Password, or User Key, for your DDNS account.

d.

If your dynamic DNS provider allows the use of wildcards in resolving your URL, check

Use wildcards

to activate this feature.

For example, the wildcard feature will cause

anything.yourhost.dyndns.org

to be aliased

to the same IP address as

yourhost.dyndns.org

e.

If your dynamic DNS provider requires you to renew your account monthly, check

Update every 30 days

to have the firewall renew the account automatically.

5.

Click

Apply

to save your configuration.

Configuring the Advanced WAN Options (Optional)

To configure the Advanced WAN options:

1.

Select

Network Configuration > WAN Settings

from the main/submenu.

The WAN ISP Settings screen displays.

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

Connecting to the Internet (WAN)

2-13

v1.0, October 2008

2.

Click the

Advanced

link to the right of the tabs. The

WAN Advanced Options

tab is

displayed.

3.

Edit the default information you want to change.

a.

MTU Size

. The normal MTU (Maximum Transmit Unit) value for most Ethernet

networks is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs, you may

need to reduce the MTU. This is rarely required, and should not be done unless you are

sure it is necessary for your ISP connection.

b.

Port Speed

. In most cases, your firewall can automatically determine the connection

speed of the WAN port. If you cannot establish an Internet connection and the WAN Link

or Speed LED blinks continuously, you may need to manually select the port speed.

AutoSense is the default.

If you know the Ethernet port speed that your broadband modem supports, select it;

otherwise, select 10M. Use the half-duplex settings unless you are sure your broadband

modem supports full duplex.

c.

Router's MAC Address

. Each computer or router on your network has a unique 32-bit

local Ethernet address. This is also referred to as the computer's MAC (Media Access

Control) address. The default is

Use default address

. However, if your ISP requires MAC

authentication, then select either of these options:

•

Use this Computer's MAC address to have the firewall use the MAC address of the

computer you are now using, or

•

Use This MAC Address to manually type in the MAC address that your ISP expects.

Figure 2-11

Need new screenshot

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

2-14

Connecting to the Internet (WAN)

v1.0, October 2008

The format for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and either uppercase

or lowercase letters A-F). If you select

Use This MAC Address

and then type in a MAC

address, your entry will be overwritten.

4.

Click

Apply

to save your changes.

Additional WAN Related Configuration

•

If you want the ability to manage the firewall remotely, enable remote management at this time

(see

“Enabling Remote Management Access” on page 9-10

). If you enable remote

management, we strongly recommend that you change your password (see

“Changing

Passwords and Administrator Settings” on page 9-8

).

•

At this point, you can set up the traffic meter for the WAN, if desired. See

“Enabling the

Traffic Meter” on page 11-1

.