Network Connections

71

Physically connect modem device

Attach the modem serial cable to the CyberGuard SG appliance’s serial port (

COM1

).

Note

To connect to an ISDN line, the CyberGuard SG appliance requires an intermediate

device called a Terminal Adapter (TA).

A TA connects into your ISDN line and has either

a serial or Ethernet port that is connected to your CyberGuard SG appliance.

Do not

plug

an ISDN connection directly in to your CyberGuard SG appliance.

Dialout Internet

Select

Dialout Internet

to use this port as your primary Internet connection.

A page

similar to the following figure will be displayed.

Figure 3-7

The following table describes the fields and explains how to configure the dial up

connection to your ISP.

Field

Description

Name of Internet provider

Enter the name of your ISP.

Phone number(s) to dial

Enter the number to dial to reach your ISP.

If you are

behind a PABX that requires you to dial a prefix for an

outside line (e.g.

0 or 9) ensure you enter the appropriate

prefix.

If your ISP has provided you with multiple phone

numbers, you may enter them separated with commas.

Network Connections

72

ISP DNS Server(s)

(

optional

)

Enter the DNS server address supplied by your ISP.

Multiple DNS addresses may be entered separated by

commas.

Note that any DNS addresses automatically

handed out by your ISP will take precedence over the

addresses specified here.

Username and password

Enter the unique username and password allocated by your

ISP.

The

Password

and

Confirm Password

fields

must

match.

Click

Advanced

to configure the following options.

Field

Description

Idle timeout

By default, the CyberGuard SG appliance dials-on-demand

(i.e.

when there is traffic trying to reach the Internet) and

disconnects if the connection is inactive (i.e.

when there is

no traffic to/from the Internet) for 15 minutes.

If using dial-

on-demand, this value can be set from 0 to 99 minutes.

Selecting

Stay Connected

will disable the idle timeout.

Redial setup

If the dial up connection to the Internet fails,

Max

Connection Attempts

specifies

the number of redial

attempts to make before discontinuing .

Time Between

Redials

specifies the number of seconds to wait between

redial attempts.

Statically assigned IP

address

The majority of ISPs dynamically assign an IP address to

your connection when you dialin.

However some ISPs use

pre-assigned static addresses.

If your ISP has given you a

static IP address, enter it in

Local IP Address

and enter the

address of the ISP gateway in

Remote IP Address

.

If a connect of demand connection has been set up,

Connect Now

/

Disconnect Now

buttons will be displayed.

These make the CyberGuard SG appliance dial or hang up the

modem connection immediately.

Dialin access

Select

Dialin Access

to use this port as a dialin server to allow remote users to connect

to your local network.

Refer to the chapter entitled

Dialin Setup

for details on configuring

the CyberGuard SG appliance and remote client.

Network Connections

73

Bridging

The CyberGuard SG may be configured as a network bridge.

You may bridge between

network ports (e.g. Internet – LAN) or enable bridging on a single port (typically LAN or

DMZ) for bridging across a VPN connection.

When bridging has been enabled, a

Bridge

/

br0

port will appear in the

Connections

menu.

It will be allocated the IP address of the port on which bridging was enabled.

This

IP address will be used primarily for accessing the CyberGuard SG appliance

management console, and does not have to be part of the networks that the CyberGuard

SG appliance may being used to bridge between.

Bridging between network ports

Select

Bridged

(

Internet

/

DMZ

/

LAN

) on the two ports to create a bridge between them.

The CyberGuard SG appliance will learn which computers or devices are present on

either side of the bridge and direct traffic appropriately.

Note

When the CyberGuard SG appliance is bridging between LAN and Internet, it will not be

performing NAT/masquerading.

PCs will typically use an IP address on the network

connected to the CyberGuard SG appliance’s Internet port as their gateway, rather than

the CyberGuard SG appliance itself.

Bridging across a VPN connection

Bridging across a VPN connection is useful for:

•

Sending IPX/SPX over a VPN, something that is not supported by other VPN

vendors.

•

Serving DHCP addresses to remote sites to ensure that they are under better

control.

•

It allows users to make use of protocols that do not work well in a WAN

environment (e.g.

netbios

).

A guide to bridging across an IPSec tunnel using GRE is provided in the section entitled

GRE over IPSec

in the

Virtual Private Networking

chapter.

Network Connections

74

Warning

The unit may take up to 30 seconds longer than normal to reboot after bridging has been

enabled.

Routes

Additional routes

The Additional routes feature allows expert users to add additional static routes for the

CyberGuard SG appliance.

These routes are additional to those created automatically by

the CyberGuard SG appliance configuration scripts.

Route management

Your CyberGuard SG appliance can be configured to automatically exchange routing

information with other routers.

Note that this feature is intended for network

administrators adept at configuring route management services.

Check

Enable route management

, select the

Protocol

you wish to use to exchange

routes and click

Apply

.

Once enabled, the routing manager can be configured by editing

zebra.conf

and protocol

d.conf

(e.g.

bgpd.conf

) through

Advanced

->

Configuration

Files

.

For more information on configuring route management, refer to:

Advanced

Unit hostname

The

Unit Hostname

is a descriptive name for the CyberGuard SG appliance on the

network.

If network shares or printers are being shared, this is the computer name that will be

displayed in when browsing the network from a Windows PC

(SG565 only)

.

Network Connections

75

Unit workgroup

Note

SG565 only.

The

Unit Workgroup

is the Windows workgroup or domain to share printers or network

shares with.

These shares resources will not be visible to machines on the LAN that are

not members of this workgroup or domain.

Figure 3-5

DNS proxy

The CyberGuard SG appliance can also be configured to run as a Domain Name Server.

The CyberGuard SG appliance acts as a DNS Proxy and passes incoming DNS requests

to the appropriate external DNS server.

If this is enabled, all the computers on the LAN

should specify the IP address of the CyberGuard SG appliance as their DNS server.