Add Interfaces
The 'Interfaces' area lets you add and edit interfaces which connect to different network zones. You can also add fail-over uplinks for groups of devices or individual devices.
- The 'Interfaces' screen is the only place you can add network zone interfaces to organizations and individual devices.
- Network and interface configurations are also imported when you add a firewall to central manager.
- Click 'Dashboard' > select the device > Click 'Actions' > 'Network Configuration' in the device tile to view its network settings
- Central manager interfaces can be assigned to the ports of a device from the dashboard.
- Click 'Actions' > 'Network Configurations' in the device tile
- Select the interface from the 'Actions' drop-down in the row of the port
- See Network Configuration for more details
- Interfaces added to an organization will be available for all devices assigned to that organization. (These device names will have a prefix 'O' in the 'Actions' drop-down).
- Interfaces added to an individual device will be available only for that specific device. (These device names will have a prefix 'D' in the 'Actions' drop-down)
To add and manage network zone interfaces
- Click 'Interfaces' on the left
- Select the organization/device from the drop-down in the title bar
- Select an organization to manage the interfaces for all devices belonging to the organization
- Select an individual device under an organization to manage the interfaces for a specific device
The screen shows a list of network zone interfaces configured for the selected organization or device.
Zones - Column Descriptions
Column Header | | Description
---|---|---
Name | | The label of the network zone interface.
Zone | | The type of network interface. The network zone can be one of the following:
IP Address | | The address of the interface.
Netmask | | The netmask of the network zone connected through the interface.
Actions | Edit | Edit the connection settings of the interface.
 | Delete | Disconnects the interface and clears the port.
The following sections explain how to configure network zone interfaces:
Add untrusted external network zones, like WAN, for connecting to the internet
- Click 'Add Zone' on the top-left of the 'Zones' screen
The 'Add Zone' dialog will appear.
- Select 'Internet' from the 'Zone' drop-down
- Type - Choose the interface type through which the virtual appliance will connect to the internet. The available options are:
- STATIC - The external network interface is in a LAN and has a fixed IP address and netmask. An example is a router in which the DFW device is assigned a fixed IP address.
- DHCP - The external network interface receives its network configuration through Dynamic Host Configuration Protocol (DHCP) from a local server, router, or modem.
- PPPoE - The external interface is connected to an ADSL modem through an ethernet cable. Select this option only if the modem uses the Point-to-Point Protocol over Ethernet (PPPoE) to connect to the service provider.
The following sections explain configuration for each interface type:
- Select 'STATIC' from the 'Type' drop-down
- Configure the following for the external network zone
Device Settings
- Name - Enter a label to identify the interface
- IP Address - The address that will be assigned to the interface
- Netmask - Choose the network mask from the drop-down (e.g. /24 - 255.255.255.0)
- Add additional addresses - Enable this box if you wish to add additional IP address(es)/netmask(s) to the interface.
- Default gateway - Enter the IP address of the gateway through which the firewall connects to the internet
- DNS Settings - Enter the IP addresses/hostnames of the primary and secondary DNS servers you wish to use.
Uplink Settings
- Uplink is Enabled - The uplink will be activated after you click 'Save'. Deselect this if you don't want to enable the uplink device at this time. You can enable the uplink later by editing the interface from the dashboard of the firewall device console.
- Start uplink on boot - The uplink will start automatically on every restart of the DFW device. Deselect this checkbox if you want to manually start the uplink when required.
- Uplink is managed - The uplink will be managed by Dome Firewall and its details displayed in the firewall dashboard. Deselect this option if you do not want the uplink details to be shown in the dashboard. You can change the uplink to managed at any time by enabling the 'Managed' checkbox beside the uplink in the dashboard.
- Backup Profile - Select if you want to specify an alternate uplink connection which will become active in the event this one fails. Choose the alternative uplink from the drop-down.
Advanced Settings: The Advanced Settings pane allows you to specify the MAC address and the Maximum Transmission Unit (MTU) of the data packets for the interface device. These settings are optional.
- Click the 'Advanced Settings' link if you need to specify custom values for these fields
- Use custom MAC address - The firewall will automatically detect the MAC address of the network adapter port and will populate it in the MAC address column. Enable 'Use custom MAC address' if you need to override and replace the default MAC address of the external interface. Enter the MAC address in the text box that appears below the checkbox.
- Reconnection timeout - Specify the maximum period in seconds that the uplink should attempt to reconnect in the event of a connection failure. The connection timeout period depends on the ISP configuration. If you are unsure, leave this field blank.
- MTU - Enter the Maximum Transmission Unit (MTU) of the data packets that can be sent over the network.
- Click 'Save'.
The interface will be added to the list.
Tip: You can edit a network zone interface at any time by clicking the 'Edit' button in the row of the interface.
- Select 'PPPoE' from the 'Type' drop-down
- Configure the following for the external network zone with PPPoE interface
Device Settings
- Name – Enter a label to identify the interface.
- Add additional addresses – Enable to add additional IP address(es)/netmask(s) to the interface. Enter the additional address(es)/netmask(s) one per line in the text box that appears.
- Username - Enter the login username for the internet connection as provided by the Internet Service Provider (ISP)
- Password - Enter the login password as provided by the ISP
- Authentication Method - Choose the method of authentication used by your ISP for your device to connect to the internet. The options available are: Password Authentication Protocol (PAP); Challenge Handshake Authentication Protocol (CHAP); or both. If you are not sure, choose 'PAP or CHAP' (Default).
- Use Custom DNS Settings – Specify your preferred DNS servers. Enable this checkbox and enter the IP address/hostname of your primary and secondary DNS servers. DNS servers will be automatically assigned if you do not enable this option.
Uplink Settings
- Uplink is Enabled - The uplink will be activated immediately after it is created. Deselect this if you don't want to enable the uplink device at this time. You can enable the uplink later by editing the interface device or from the dashboard of the firewall device console.
- Start uplink on boot - The uplink will start automatically after every restart of the firewall device. Deselect this checkbox if you want to manually start the uplink only when required.
- Uplink is managed - The uplink will be managed by Dome Firewall and its details displayed in the firewall console dashboard. Deselect this option if you do not want uplink details to be shown in the dashboard. You can switch the uplink to managed state at any time by selecting the 'Managed' checkbox beside the uplink in the dashboard.
- Backup Profile – Select if you want to specify an alternate uplink connection to be activated in the event this uplink fails. Choose the alternative device from the drop-down.
- Additional Link check hosts - In the event of a connection failure, the uplink will attempt to reconnect after a time period set by your ISP. If you want the virtual appliance to check whether the uplink has connected successfully, you can try to ping known hosts in an external network. Enabling this option will reveal a text field where you should enter a list of one or more perpetually reachable IP addresses or hostnames. One of the hosts could be your ISP's DNS server or gateway.
Advanced Settings:
- The 'Advanced Settings' pane lets you specify the MAC address and the Maximum Transmission Unit (MTU) of the data packets for the interface. These settings are optional.
- Click the 'Advanced Settings' link if you need to specify custom values for these fields.
- Use custom MAC address - The firewall will automatically detect the MAC address of the network adapter port and will populate it in the MAC address column. Enable 'Use custom MAC address' if you need to override and replace the default MAC address of the external interface. Enter the MAC address in the text box that appears below the checkbox.
- Concentrator name - Enter the identifier of the remote access concentrator set up by your service provider (Optional, usually not needed).
- Service Name - Enter the name of your ISP (Optional, usually not needed).
- Reconnection timeout - Specify the maximum period in seconds that the uplink should attempt to reconnect in the event of a connection failure. The connection timeout depends on the ISP configuration. If you are unsure, leave this field blank.
- MTU - Enter the Maximum Transmission Unit (MTU) of the data packets that can be sent over the network.
- Click 'Save'.
The interface device will be added to the list.
Tip: You can edit a network zone interface at any time, for example to change parameters such as the network range of a zone when the network changes. Click the 'Edit' button in the row of the device, make the changes and save them.
- Select 'DHCP' from the 'Type' drop-down
- Configure the following for the external network zone with Ethernet DHCP interface
Device Settings
- Name – Enter a label to identify the interface.
- Use Custom DNS Settings – Specify your preferred DNS servers. Enable this checkbox and enter the IP address/hostname of your primary and secondary DNS servers. DNS servers will be automatically assigned if you do not enable this option.
Uplink Settings
- Uplink is Enabled - The uplink will be activated immediately after it is created. Deselect this if you don't want to enable the uplink device at this time. You can enable the uplink later by editing the interface or from the dashboard of the firewall device console.
- Start uplink on boot - The uplink will start automatically after every restart of the firewall device. Deselect this checkbox if you want to manually start the uplink only when required.
- Uplink is managed - The uplink will be managed by Dome Firewall and its details displayed in the firewall console dashboard. Deselect this option if you do not want uplink details to be shown in the dashboard. You can switch the uplink to managed state at any time by selecting the 'Managed' checkbox beside the uplink in the dashboard.
- Backup Profile - Select if you want to specify an alternate uplink connection to be activated in the event this uplink fails. Choose the alternative device from the drop-down.
- Additional Link check hosts – In the event of a connection failure, the uplink will attempt to reconnect after a time period set by your ISP. If you want the virtual appliance to check whether the uplink has connected successfully, you can try to ping known hosts in an external network. Enabling this option will reveal a text field where you should enter a list of one or more perpetually reachable IP addresses or hostnames. One of the hosts could be your ISP's DNS server or gateway.
Advanced Settings:
- The 'Advanced Settings' pane lets you specify the MAC address and the Maximum Transmission Unit (MTU) of data packets for the interface. These settings are optional.
- Click the 'Advanced Settings' link if you need to specify custom values for these fields
- Use custom MAC address - The firewall will automatically detect the MAC address of the network adapter port and will populate it in the MAC address column. Enable 'Use custom MAC address' if you need to override and replace the default MAC address of the external interface. Enter the MAC address in the text box that appears below the checkbox.
- Reconnection timeout - Specify the maximum period in seconds that the uplink should attempt to reconnect in the event of a connection failure. The connection timeout period depends on the ISP configuration. If you are unsure, leave this field blank.
- MTU - Enter the Maximum Transmission Unit (MTU) of the data packets that can be sent over the network.
- Click 'Save'.
The interface will be added to the list.
Tip: You can edit a network zone interface at any time by clicking the 'Edit' button in the row of the interface.
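A pre-flight check for the external-zone values described above, as an added example that is not Dome Firewall code; the dictionary keys, the 1500-byte Ethernet ceiling and the sample addresses are assumptions made here. It goes slightly beyond the page by checking that a STATIC gateway sits inside the interface subnet, that a custom MAC is a unicast address, and that a PPPoE MTU leaves room for the 8-byte PPPoE/PPP overhead.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
ETH_MTU = 1500        # assumption: standard Ethernet, no jumbo frames
PPPOE_OVERHEAD = 8    # 6-byte PPPoE header + 2-byte PPP protocol field
MIN_IPV4_MTU = 68     # smallest MTU IPv4 permits (RFC 791)

def check_uplink(cfg):
    """Return a list of problems in a planned 'Internet' zone interface."""
    problems = []
    kind = cfg["type"]                      # STATIC, DHCP or PPPoE
    if kind == "STATIC":
        iface = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['netmask']}")
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address,
                                               net.broadcast_address):
            problems.append("IP address is the network or broadcast address")
        gw = ipaddress.ip_address(cfg["gateway"])
        if gw not in net:
            problems.append("default gateway is outside the interface subnet")
        elif gw == iface.ip:
            problems.append("default gateway equals the interface address")
    mac = cfg.get("custom_mac")
    if mac:
        if not MAC_RE.match(mac):
            problems.append("custom MAC address is malformed")
        elif int(mac[:2], 16) & 1:          # group bit set in first octet
            problems.append("custom MAC address is multicast, not unicast")
    mtu = cfg.get("mtu")
    if mtu is not None:
        limit = ETH_MTU - PPPOE_OVERHEAD if kind == "PPPoE" else ETH_MTU
        if not MIN_IPV4_MTU <= mtu <= limit:
            problems.append(f"MTU {mtu} is outside {MIN_IPV4_MTU}..{limit} for {kind}")
    return problems

# Constructed sample values (documentation address ranges), not from the page.
GOOD_STATIC = {"type": "STATIC", "ip": "192.0.2.10", "netmask": "255.255.255.0",
               "gateway": "192.0.2.1", "mtu": 1500}
BAD_STATIC = {"type": "STATIC", "ip": "192.0.2.255", "netmask": "255.255.255.0",
              "gateway": "198.51.100.1", "custom_mac": "01:00:5e:00:00:01"}
PPPOE_BIG_MTU = {"type": "PPPoE", "mtu": 1500}

if __name__ == "__main__":
    for name, cfg in [("good static", GOOD_STATIC), ("bad static", BAD_STATIC),
                      ("pppoe", PPPOE_BIG_MTU)]:
        print(name, check_uplink(cfg) or "ok")
```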
Add trusted internal network zones like LAN, DMZ and Wi-Fi interfaces
- Click 'Add Zone' at the top-left of the 'Zones' screen.
The 'Add Zone' dialog will appear.
- Select 'LAN', 'WIFI' or 'DMZ' from the 'Zone' drop-down as required.
- Configure the following for the internal network zone:
- Name – Enter a label to identify the interface.
- IP Address - Enter the IP address of the interface as pre-configured in the network
- Netmask - Choose the network mask from the drop-down (e.g. /24 - 255.255.255.0)
- Add additional addresses - Enable to add additional IP address(es)/netmask(s) to the interface. Enter the additional address(es)/netmask(s) one per line in the text box that appears.
- Click 'Save'.
The interface will be added to the list.
Tip: You can edit a network zone interface at any time by clicking the 'Edit' button in the row of the interface.