Step 3 - Configure the Network Interfaces
- After installation, port 1 on the virtual machine is automatically configured for LAN with IP 192.168.0.15.
- You need to add network adapters to the VM to add more ports. These new ports will be listed in the 'Interface Configuration' screen as port 2, port 3, port 4 etc.
- You need to complete an initial network configuration to successfully deploy the virtual appliance to the network.
- Dome Firewall has a built-in wizard which assists you to do this.
- Click 'Network' on the left then choose 'Interfaces'.
- You will find that port 1 is already configured with the default configuration: IP 192.168.0.15 and subnet mask 255.255.255.0.
- You can update other ports to connect to:
- Internet (with your WAN IP and subnet configuration)
- DMZ network zone interface
- Wi-Fi network zone interface
The following sections explain how to configure network zone interfaces:
Configure untrusted external network zone for connecting to the internet (e.g. WAN)
- For your INTERNET connection please use any port other than your LAN port (port 1) and update it with your WAN IP and subnet configuration.
To configure the external network zone
- Click the edit icon in the row of the port you want to use for the internet.
The settings page lets you configure the interface device on the selected port:
- Zone - Select 'Internet' from the drop-down. The configuration options for external network interface devices will appear:
- Type - Choose the interface type through which the virtual appliance is connected to the internet. The available options are:
- ETHERNET STATIC - The external network interface is in a LAN and has a fixed IP address and netmask. An example is a router in which the DFW virtual appliance is assigned a fixed IP address.
- ETHERNET DHCP - The external network interface receives its network configuration through Dynamic Host Configuration Protocol (DHCP) from a local server, router, or modem.
- PPPoE - The external interface is connected to an ADSL modem through an ethernet cable. Select this option only if the modem uses the Point-to-Point Protocol over Ethernet (PPPoE) to connect to the service provider.
The following sections explain configuration parameters for each interface type:
- Configure the following for the external network zone with Ethernet Static interface
Device Settings
- Device - The port to which the interface device is connected. The port is pre-selected.
- IP Address - Enter the IP address of the interface device
- Netmask - Choose the network mask from the drop-down (e.g. /24 - 255.255.255.0)
- Add additional addresses - If additional IP address(es)/netmask(s) are to be added to the interface, select the 'Add additional addresses' checkbox and enter the additional IP address(es)/netmask(s) of different subnets one by one per line.
- Default gateway - Enter the IP address of the default gateway through which the virtual appliance connects to the internet in the 'Default Gateway' text box.
- DNS Settings - Enter the IP addresses/hostnames of the primary and secondary DNS servers to be used in the respective fields.
Uplink Settings
- Uplink is Enabled - The uplink will be activated immediately after it is created. Deselect this if you don't want to enable the uplink device at this time. You can enable the uplink later in two ways:
- Interface configuration screen - Enable the port in the Interface Configuration screen
- Dashboard - Enable the 'Active' checkbox beside the uplink in the 'Uplinks' box.
- Start uplink on boot - The uplink will start automatically on every restart of the DFW virtual appliance. Deselect this checkbox if you want to manually start the uplink only when required.
- Uplink is managed - The uplink will be managed by Dome Firewall and its details will be displayed in the Dashboard. Deselect this option if you do not want the uplink details to be displayed in the Dashboard. You can switch the uplink to managed state at any time by selecting the 'Managed' checkbox beside the uplink in the Dashboard.
- Backup Profile - Select this checkbox if you want to specify an alternative uplink connection to be activated in the event this uplink fails and choose the alternative uplink device from the drop-down.
- Additional Link check hosts - The uplink reconnects automatically after a time period set by your ISP, in the event of a connection failure. If you want the virtual appliance to check whether the uplink has connected successfully, you can try to ping known hosts in an external network. Enabling this option will reveal a text field where you should enter a list of one or more perpetually reachable IP addresses or hostnames. One of the hosts could be your ISP's DNS server or gateway.
Advanced Settings:
The Advanced Settings pane allows you to specify the MAC address and the Maximum Transmission Unit (MTU) of the data packets for the interface device. These settings are optional. If you need to specify custom values for these fields, click on the '+' sign beside 'Advanced Settings' to expand the 'Advanced Settings' pane.
- Use custom MAC address - By default, the virtual appliance automatically detects the MAC address of the device connected to the specified port and populates the MAC address column with it. If you need to specify a different MAC address to override and replace the default MAC address of the external interface, select the 'Use custom MAC address' checkbox and enter the MAC address in the text box that appears below the checkbox.
- Reconnection timeout - Specify the maximum time period (in seconds) that the uplink should attempt to reconnect in the event of a connection failure. The reconnection timeout period depends on the ISP configuration. If you are unsure, leave this field blank.
- MTU - Enter the Maximum Transmission Unit (MTU) of the data packets that can be sent over the network.
- Click 'Save'.
- Network configuration activities are logged with details such as date, time, type of event, subject id, component name and the event outcome.
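A pre-flight check for the Ethernet Static values above, written as an added example that is not part of the Dome Firewall documentation or product. The function name `check_static_uplink`, the constructed sample addresses, and the rules that the default gateway sits inside the interface subnet and that no uplink subnet overlaps the port 1 LAN are assumptions of this example; the "different subnets" rule for additional addresses comes from the page.

```python
import ipaddress

# Port 1 default stated on this page: 192.168.0.15 / 255.255.255.0
LAN_PORT1 = ipaddress.ip_interface("192.168.0.15/255.255.255.0")

def check_static_uplink(ip, netmask, gateway, additional=(), lan=LAN_PORT1):
    """Return a list of problems with planned ETHERNET STATIC values (empty = OK)."""
    try:
        wan = ipaddress.ip_interface(f"{ip}/{netmask}")
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        return [f"unparseable value: {exc}"]
    net, problems = wan.network, []
    # A host address must not be the network or broadcast address of its subnet.
    if net.prefixlen < 31 and wan.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{wan.ip} is the network or broadcast address of {net}")
    # Assumption: the default gateway is directly reachable on the uplink subnet.
    if gw not in net:
        problems.append(f"default gateway {gw} is not inside {net}")
    elif gw == wan.ip:
        problems.append("default gateway equals the interface address")
    # Assumption: the untrusted zone must not share address space with the LAN.
    if net.overlaps(lan.network):
        problems.append(f"WAN subnet {net} overlaps LAN on port 1 ({lan.network})")
    seen = [net]
    for entry in additional:  # one 'address/netmask' per line, as in the text box
        try:
            extra = ipaddress.ip_interface(entry)
        except ValueError as exc:
            problems.append(f"additional address {entry!r}: {exc}")
            continue
        # The page asks for additional addresses "of different subnets".
        if any(extra.network.overlaps(s) for s in seen):
            problems.append(f"additional address {entry} is not in a different subnet")
        if extra.network.overlaps(lan.network):
            problems.append(f"additional address {entry} overlaps LAN on port 1")
        seen.append(extra.network)
    return problems

if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation ranges), not real assignments.
    print(check_static_uplink("203.0.113.10", "255.255.255.0", "203.0.113.1",
                              ["198.51.100.5/24"]))
    for p in check_static_uplink("192.168.0.20", "255.255.255.0", "192.168.1.1",
                                 ["192.168.0.30/24"]):
        print("PROBLEM:", p)
```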
- Configure the following for the external network zone with Ethernet DHCP interface
Device Settings
- Device - The port to which the interface device is connected. The port is pre-selected.
- DNS Settings - Select whether the DNS servers are to be automatically or manually assigned. If the latter, select the 'Use Custom DNS Settings' checkbox and enter the IP addresses/hostnames of your primary and secondary DNS servers.
Uplink Settings
- Uplink is Enabled - The uplink will be activated immediately after it is created. Deselect this if you don't want to enable the uplink device at this time. You can enable the uplink later in two ways:
- Interface configuration screen - Enable the port in the Interface Configuration screen
- Dashboard - Enable the 'Active' checkbox beside the uplink in the 'Uplinks' box.
- Start uplink on boot - The uplink will start automatically on every restart of the DFW virtual appliance. Deselect this checkbox if you want to manually start the uplink when required.
- Uplink is managed - The uplink will be managed by Dome Firewall and its details displayed in the dashboard. Deselect this option if you do not want the uplink to be listed in the dashboard. You can switch the uplink to managed state at any time by selecting the 'Managed' checkbox beside the uplink in the dashboard.
- Backup Profile - Select if you want to specify an alternative uplink connection which is activated in the event this uplink fails. You need to choose the alternative uplink device from the drop-down.
- Additional Link check hosts - The uplink reconnects automatically after a time period set by your ISP in the event of a connection failure. If you want the virtual appliance to check whether the uplink has connected successfully, you can try to ping known hosts in an external network. Enabling this option will reveal a text field where you should enter a list of one or more perpetually reachable IP addresses or hostnames. One of the hosts could be your ISP's DNS server or gateway.
Advanced Settings:
The 'Advanced Settings' pane allows you to specify the MAC address and the Maximum Transmission Unit (MTU) of the data packets for the interface device. These settings are optional. If you need to specify custom values for these fields, click on the '+' sign beside 'Advanced Settings' to expand the 'Advanced Settings' pane.
- Use custom MAC address - By default, the virtual appliance automatically detects the MAC address of the device connected to the specified port and populates the MAC address column with this information. If you need to specify a different MAC address (and replace the default MAC address of the external interface), select the 'Use custom MAC address' checkbox and enter the MAC address in the text box that appears below the checkbox.
- Reconnection timeout - Specify the maximum time period (in seconds) that the uplink should attempt to reconnect in the event of a connection failure. The reconnection timeout period depends on the ISP configuration. If you are unsure, leave this field blank.
- MTU - Enter the Maximum Transmission Unit (MTU) of the data packets that can be sent over the network.
- Click 'Save'.
- Network configuration activities are logged with details such as date, time, type of event, subject id, component name and the event outcome.
- Configure the following for external network zones with PPPoE interface
Device Settings
- Device - The port to which the interface device is connected. The port is pre-selected.
- Add additional addresses - If additional IP address(es)/netmask(s) are to be added to the interface, select the 'Add additional addresses' checkbox and enter the additional IP address(es)/netmask(s) of different subnets one by one per line.
- Username - Enter the login username for the internet connection as provided by your Internet Service Provider (ISP).
- Password - Enter the login password as provided by your ISP for the internet connection.
- Authentication Method - Select the method of authentication used by your ISP for your device to connect to the internet from the drop-down. The options available are: Password Authentication Protocol (PAP); Challenge Handshake Authentication Protocol (CHAP); or both. If you are not sure about the authentication method, choose PAP or CHAP (Default).
- DNS Settings - Select whether the DNS servers are to be automatically assigned or manually assigned. If the latter, select the 'Use Custom DNS Settings' checkbox and enter the IP addresses/hostnames of the primary and secondary DNS servers to be used.
Uplink Settings
- Uplink is Enabled - The uplink will be activated immediately after it is created. Deselect this if you don't want to enable the uplink device at this time. You can enable the uplink later in two ways:
- Interface configuration screen - Enable the port in the Interface Configuration screen
- Dashboard - Enable the 'Active' checkbox beside the uplink in the 'Uplinks' box.
- Start uplink on boot - The uplink will start automatically on every restart of the DFW virtual appliance. Deselect this checkbox if you want to manually start the uplink only when required.
- Uplink is managed - The uplink will be managed by Dome Firewall and its details will be displayed in the Dashboard. Deselect this option if you do not want the uplink details to be displayed in the Dashboard. You can switch the uplink to managed state at any time by selecting the 'Managed' checkbox beside the uplink in the Dashboard.
- Backup Profile - Select this checkbox if you want to specify an alternative uplink connection to be activated in the event this uplink fails and choose the alternative uplink device from the drop-down.
- Additional Link check hosts - The uplink reconnects automatically after a time period set by your ISP, in the event of a connection failure. If you want the virtual appliance to check whether the uplink has connected successfully, you can try to ping known hosts in an external network. Enabling this option will reveal a text field where you should enter a list of one or more perpetually reachable IP addresses or hostnames. One of the hosts could be your ISP's DNS server or gateway.
Advanced Settings:
The Advanced Settings pane allows you to specify the MAC address and the Maximum Transmission Unit (MTU) of the data packets for the interface device. These settings are optional. If you need to specify custom values for these fields, click on the '+' sign beside 'Advanced Settings' to expand the 'Advanced Settings' pane.
- Use custom MAC address - By default, the virtual appliance automatically detects the MAC address of the device connected to the specified port and populates the MAC address column with it. If you need to specify a different MAC address to override and replace the default MAC address of the external interface, select the 'Use custom MAC address' checkbox and enter the MAC address in the text box that appears below the checkbox.
- Concentrator name - Enter the identifier of the remote access concentrator set up by your service provider (Optional, usually not needed).
- Service Name - Enter the name of your ISP (Optional, usually not needed).
- Reconnection timeout - Specify the maximum time period (in seconds) that the uplink should attempt to reconnect in the event of a connection failure. The reconnection timeout period depends on the ISP configuration. If you are unsure, leave this field blank.
- MTU - Enter the Maximum Transmission Unit (MTU) of the data packets that can be sent over the network.
- Click 'Save'.
- Network configuration activities are logged with details such as date, time, type of event, subject id, component name and the event outcome.
Tip: You can edit the network configuration, e.g. to change selected parameters like hostname or the network range of a zone, at any time depending on changes in your network. Click Network > Interface, click the 'Edit icon' in the 'Internet' row of the table, make the changes and save them.
Configure trusted internal network zone interfaces (e.g. LAN, DMZ, WiFi)
- For your DMZ and Wi-Fi connections please use any port other than your LAN port (port 1) and INTERNET port and update it.
To configure an internal network zone
- Click the edit icon in the row of the port to connect to internet.
The pane for configuring the interface device on the selected port will open.
- Zone - Select 'LAN', 'WIFI' or 'DMZ' from the 'Zone' drop-down as required.
- Configure the following for the external network zone
- Device - The port to which the interface device is connected. The port is pre-selected.
- IP Address - Enter the IP address of the interface as pre-configured in the network
- Netmask - Choose the network mask from the drop-down (e.g. /24 - 255.255.255.0)
- Add additional addresses - Enable to add additional IP address(es)/netmask(s) to the interface. Enter the additional address(es)/netmask(s) one per line in the text box that appears.
- Hostname and Domainname - Enter the host name of your network server and the domain name of your network in the respective text fields
- Click 'Save'.
The virtual appliance will restart for your settings to take effect.
- Network configuration activities are logged with details such as date, time, type of event, subject id, component name and the event outcome.
Tip: You can edit the network configuration, e.g. to change selected parameters like hostname or the network range of a zone, at any time depending on changes in your network. Click Network > Interface, click the 'Edit icon' in the respective row of the table, make the changes and save them.