Guest Network; Configuring A Guest Connection; Wireless - McAfee SG310 Administration Manual

Network Setup menu options

Guest network
The intended usage of guest connections is for connecting to a guest network, which is an untrusted LAN or
wireless network. Machines connected to the guest network must establish a VPN connection to the UTM
Firewall appliance in order to access the LAN, DMZ, or Internet. Once a VPN connection is established over
a guest interface, access is allowed to all other firewall classes by default through the VPN connection.
Note:
Guest network is not available on the SG310 or SG640 PCI appliances.
By default, you can configure the appliance's DHCP server to hand out addresses on a guest network, and
the appliance's VPN servers to listen for connections from a guest network and establish VPNs. Aside from
this, access to any LAN, DMZ, or Internet connections from the guest network is blocked.
If you want to allow machines on a guest network direct access to the Internet, LAN, or DMZ without first
establishing a VPN connection, add packet filtering rules to allow access to services on the LAN or Internet
as desired.
Caution:
Caution is advised before allowing machines on a guest network direct access to your LAN, which may
make it easier for an attacker to compromise internal servers. Caution is also advised before allowing machines
on a guest network direct access to the Internet, particularly in the case of guest wireless networks. This may
result in unauthorized use of your Internet connection for sending spam, other malicious or illegal activities, or
simply Internet access at your expense.
Machines on the guest network typically have addresses in a private IP address range, such as 192.168.2.0
/ 255.255.255.0 or 10.2.0.0 / 255.255.0.0. For NAT (Network Address Translation) purposes, the guest
connection is considered a LAN interface. In the Masquerading page, the Enable NAT from LAN/VPN to
Internet or DMZ checkboxes also apply to a guest connection. See NAT, and About masquerading and
source NAT for further information.
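
An added example, not taken from the McAfee manual: a small Python review of packet filtering rules that flags any rule letting guest hosts reach the LAN, DMZ, or Internet without a VPN, which is the exposure the Caution above describes. The rule record format, the LAN and DMZ ranges, and the sample rules are constructed for illustration; only the guest range comes from the text above.

```python
import ipaddress

# Firewall classes by address range. Only the guest range comes from the
# manual text; the LAN and DMZ ranges are assumed for this example.
ZONES = {
    "guest": ipaddress.ip_network("192.168.2.0/255.255.255.0"),
    "lan": ipaddress.ip_network("192.168.0.0/255.255.255.0"),
    "dmz": ipaddress.ip_network("192.168.1.0/255.255.255.0"),
}

# Constructed sample rules in a hypothetical record format (not an export
# format of the appliance).
SAMPLE_RULES = [
    {"name": "guest-web", "src": "192.168.2.0/24", "dst": "0.0.0.0/0", "proto": "tcp", "port": 80},
    {"name": "guest-printer", "src": "192.168.2.0/24", "dst": "192.168.0.50/32", "proto": "tcp", "port": 9100},
    {"name": "lan-to-dmz-smtp", "src": "192.168.0.0/24", "dst": "192.168.1.25/32", "proto": "tcp", "port": 25},
    {"name": "guest-smtp-out", "src": "192.168.2.0/24", "dst": "203.0.113.25/32", "proto": "tcp", "port": 25},
]

def exposure(rule):
    """Return the firewall classes a rule opens to guest hosts that have no VPN."""
    src = ipaddress.ip_network(rule["src"])
    dst = ipaddress.ip_network(rule["dst"])
    if not src.overlaps(ZONES["guest"]):
        return []  # rule does not match traffic from the guest network
    opened = [zone for zone in ("lan", "dmz") if dst.overlaps(ZONES[zone])]
    # A destination that is not wholly inside a known class also covers Internet hosts.
    if not any(dst.subnet_of(net) for net in ZONES.values()):
        opened.append("internet")
    return opened

def audit(rules):
    """List (rule name, classes opened, service) for every rule that bypasses the VPN."""
    findings = []
    for rule in rules:
        opened = exposure(rule)
        if opened:
            findings.append((rule["name"], opened, f'{rule["proto"]}/{rule["port"]}'))
    return findings

if __name__ == "__main__":
    for name, opened, service in audit(SAMPLE_RULES):
        print(f"{name}: guest hosts reach {', '.join(opened)} on {service} without a VPN")
```

In this model the guest-web rule, written with an "any" destination to give guests web access, also matches LAN and DMZ addresses; a narrower destination avoids that.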

Configuring a guest connection

Use this procedure to configure a guest connection, which is based on configuring a direct connection.
Configuring a direct connection is described in detail in Direct connection overview.

1. From the Network Setup menu, click Network Setup. The Connections page appears.
2. Select Direct Connection from the Configuration list of the network port you want to connect to the
   guest network. The Direct Connection Settings page appears.
3. [Optional] Enter a name for the connection, such as Guest, in the Connection Name field.
4. Indicate the IP Address:
   • If the interface uses DHCP for IP assignment, select the DHCP assigned checkbox.
   • If DHCP is not being used, enter the appropriate IP Address in the IP Address field and the appropriate
     Subnet Mask in the Subnet Mask field.
5. Select Guest from the Firewall Class list.
6. [Optional] If you want to designate the guest connection as a preferred gateway for load balancing, select
   the Preferred Gateway checkbox.
7. Click Update. An action successful message is displayed. To view the guest connection on the
   Connections page, click the Connections tab.

Wireless

The UTM Firewall appliance's wireless interface can be configured as a wireless access point, accepting
connections from 802.11b (11 Mbit/s)- or 802.11g (54 Mbit/s)-capable wireless clients.
Note:
Wireless is applicable to the SG565 model only.
McAfee UTM Firewall 4.0.4 Administration Guide

This manual is also suitable for:

SG560, SG560U, SG565, SG580
