Page 36 / 218 Scroll up to view Page 31 - 35
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
2-10
Connecting to the Internet (WAN)
v1.0, October 2008
Configuring the WAN Mode
To access the WAN Mode, click on
Network Configuration > WAN Settings
and select the
WAN Mode tab.
The WAN mode page allows you to configure how your firewall uses the external Internet
connection. This screen gives you two choices for accessing the external Internet connection.
Network Address Translation (NAT)
. This technique allows several computers on a
LAN to share the same Internet connection (IP address) while using private IP address on
the LAN, which are hidden from the Internet.
Classical Routing
. This method allows the firewall to perform the routing, but requires
separate valid static Internet IP address for each PC on your LAN.
Network Address Translation
Network Address Translation (NAT) allows all PCs on your LAN to share a single public Internet
IP address. From the Internet, there is only a single device (the firewall) and a single IP address.
PCs on your LAN can use any private IP address range, and these IP addresses are not visible from
the Internet.
The firewall uses NAT to select the correct PC (on your LAN) to receive any incoming data.
If you only have a single public Internet IP address, you MUST use NAT. (the default setting).
If your ISP has provided you with multiple public IP addresses, you can use one address as the
primary shared address for Internet access by your PCs, and you can map incoming traffic on
the other public IP addresses to specific PCs on your LAN. This one-to-one inbound mapping
is configured using an inbound firewall rule.
Classical Routing
In classical routing mode, the firewall performs routing, but without NAT. To gain Internet access,
each PC on your LAN must have a valid static Internet IP address.
If your ISP has allocated a number of static IP addresses to you, and you have assigned one of
these addresses to each PC, you can choose classical routing. Or, you can use classical routing for
routing private IP addresses within a campus environment.
To learn the status of the WAN port, you can view the Router Status page (see
“Monitoring VPN
Tunnel Connection Status” on page 11-13
) or look at the LEDs on the front panel (see
“Front Panel
Features” on page 1-6
).
Page 37 / 218
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Connecting to the Internet (WAN)
2-11
v1.0, October 2008
Configuring Dynamic DNS
Dynamic DNS (DDNS) is an Internet service that allows routers with varying public IP addresses
to be located using Internet domain names. To use DDNS, you must setup an account with a
DDNS provider such. Links to DynDNS, TZO and Oray are provided for your convenience as
Tabbed menus in the
Dynamic DNS
configuration screen. The firewall firmware includes
software that notifies dynamic DNS servers of changes in the WAN IP address, so that the services
running on this network can be accessed by others on the Internet.
If your network has a permanently assigned IP address, you can register a domain name and have
that name linked with your IP address by public Domain Name Servers (DNS). However, if your
Internet account uses a dynamically assigned IP address, you will not know in advance what your
IP address will be, and the address can change frequently—hence, the need for a commercial
DDNS service, which allows you to register an extension to its domain, and restores DNS requests
for the resulting FQDN to your frequently-changing IP address.
After you have configured your account information in the firewall, whenever your ISP-assigned
IP address changes, your firewall will automatically contact your DDNS service provider, log in to
your account, and register your new IP address.
For auto-rollover mode, you will need a fully qualified domain name (FQDN) to implement
features such as exposed hosts and virtual private networks regardless of whether you have a
fixed or dynamic IP address.
For load balancing mode, you may still need a fully qualified domain name (FQDN) either for
convenience or if you have a dynamic IP address.
Note:
Dynamic DNS enables you to employ some VPN configurations that require using
an FQDN instead of the WAN IP address.
Note:
If your ISP assigns a private WAN IP address such as 192.168.x.x or 10.x.x.x, the
dynamic DNS service will not work because private addresses will not be routed
on the Internet.
Page 38 / 218
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
2-12
Connecting to the Internet (WAN)
v1.0, October 2008
To configure Dynamic DNS:
1.
Select
Network Configuration > Dynamic DNS
from the main/submenu.
The
Current WAN Mode
section reports the currently configured WAN mode. Only those
options that match the configured WAN Mode will be accessible.
2.
Select the Dynamic DNS Service you will use.
The fields corresponding to the selection you have chosen will be activated. Each DDNS
service provider requires its own parameters.
3.
Access the Web site of one of the DDNS service providers and set up an account. Links to
three DDNS providers are in the tab header.
4.
After registering for your account, return to the
Dynamic DNS
menu and fill in the required
fields for the DDNS service you selected:
a.
In the Host and Domain Name field, enter the entire FQDN name that your dynamic DNS
service provider gave you (for example: <
yourname>
.dyndns.org).
b.
Enter the User Name, User email Address, or Account Name requested by the DDNS
Service to identify you when logging into your DDNS account.
c.
Enter the Password, or User Key, for your DDNS account.
d.
If your dynamic DNS provider allows the use of wildcards in resolving your URL, check
Use wildcards
to activate this feature.
For example, the wildcard feature will cause
anything.yourhost.dyndns.org
to be aliased
to the same IP address as
yourhost.dyndns.org
e.
If your dynamic DNS provider requires you to renew your account monthly, check
Update every 30 days
to have the firewall renew the account automatically.
5.
Click
Apply
to save your configuration.
Configuring the Advanced WAN Options (Optional)
To configure the Advanced WAN options:
1.
Select
Network Configuration > WAN Settings
from the main/submenu.
The WAN ISP Settings screen displays.
Page 39 / 218
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
Connecting to the Internet (WAN)
2-13
v1.0, October 2008
2.
Click the
Advanced
link to the right of the tabs. The
WAN Advanced Options
tab is
displayed.
3.
Edit the default information you want to change.
a.
MTU Size
. The normal MTU (Maximum Transmit Unit) value for most Ethernet
networks is 1500 Bytes, or 1492 Bytes for PPPoE connections. For some ISPs, you may
need to reduce the MTU. This is rarely required, and should not be done unless you are
sure it is necessary for your ISP connection.
b.
Port Speed
. In most cases, your firewall can automatically determine the connection
speed of the WAN port. If you cannot establish an Internet connection and the WAN Link
or Speed LED blinks continuously, you may need to manually select the port speed.
AutoSense is the default.
If you know the Ethernet port speed that your broadband modem supports, select it;
otherwise, select 10M. Use the half-duplex settings unless you are sure your broadband
modem supports full duplex.
c.
Router's MAC Address
. Each computer or router on your network has a unique 32-bit
local Ethernet address. This is also referred to as the computer's MAC (Media Access
Control) address. The default is
Use default address
. However, if your ISP requires MAC
authentication, then select either of these options:
Use this Computer's MAC address to have the firewall use the MAC address of the
computer you are now using, or
Use This MAC Address to manually type in the MAC address that your ISP expects.
Figure 2-11
Need new screenshot
Page 40 / 218
ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual
2-14
Connecting to the Internet (WAN)
v1.0, October 2008
The format for the MAC address is 01:23:45:67:89:AB (numbers 0-9 and either uppercase
or lowercase letters A-F). If you select
Use This MAC Address
and then type in a MAC
address, your entry will be overwritten.
4.
Click
Apply
to save your changes.
Additional WAN Related Configuration
If you want the ability to manage the firewall remotely, enable remote management at this time
(see
“Enabling Remote Management Access” on page 9-10
). If you enable remote
management, we strongly recommend that you change your password (see
“Changing
Passwords and Administrator Settings” on page 9-8
).
At this point, you can set up the traffic meter for the WAN, if desired. See
“Enabling the
Traffic Meter” on page 11-1
.

Rate

3.5 / 5 based on 2 votes.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top