Table of Contents
Advertisement
VLANs attached to the
interface
Color
This interface is
Address range
None (interface
disabled)
Dynamic IP (obtained
by DHCP)
Address range
inherited from the
bridge
Fixed IP (static)
Here, several associated IP addresses and network masks may be defined for the same bridge
(the need to create aliases, for example). These aliases may allow you to use this Stormshield
Network firewall as a central routing point. As such, a bridge can be connected to various sub-
networks with a different address range. To add or remove them, simply use the Add and Delete
buttons located above the fields in the table.
Several IP addresses (aliases) can be added in the same address range on an interface. In this
case, these addresses must all have the same mask. Reloading the network configuration will
apply this mask on the first address and a mask /32 on the following addresses.
Page 188/448
List of VLANs attached to the selected interface.
The appliance does not need to be systematically rebooted whenever a VLAN is
deleted.
Color assigned to the interface.
An interface can either be "internal (protected)" or "external (public)".
If you select "internal (protected)", you are indicating that this interface is protected.
This protection includes the memorization of machines that have logged on to this
interface, conventional traffic security mechanisms (TCP) and implicit rules for
services offered by the firewall such as DHCP (see the chapter Implicit rules).
Protected interfaces are represented by a shield (
If you select "external (public)", you are indicating that this part of the network is
linked up to the internet. In most cases, the external interface, linked up to the
internet, has to be in external mode. The shield icon disappears when this option is
selected.
By selecting/unselecting this option, the interface will be enabled/disabled. By
disabling an interface, it becomes unusable. In terms of use, this may correspond to
an interface to be used in the near or distant future, but which is not active. An
interface which has been disabled because it is not in use is an example of an
additional security measure against intrusions.
The assigned IP address can be matched to a domain name via a DNS service provider
(dyndns.org for example) in order to contact this firewall without having to know its IP
address. This option is used when your firewall does not have a static IP address (e.g.,
your service provider, or DHCP renews its IP address regularly).
This feature can be enabled by selecting a dynamic DNS account that you would have
configured earlier. The configuration of dynamic DNS clients is explained further in the
document Dynamic DNS module.
This field allows specifying to the firewall that the configuration of the bridge (IP
address and mask) is defined by DHCP. In this case, the "DHCP" zone in the Advanced
properties tab will be enabled.
If the interface is part of a bridge, the address range of the bridge can be retrieved.
By selecting this option, the interface will have a static address range. In this case, its
IP address and the mask of the sub-network to which the interface belongs, have to
be indicated.
SNS - USER CONFIGURATION MANUAL V.3
).
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
INTERFACES
- Quick Links:
- Administrator Management
Hide quick links:
Advertisement
Table of Contents
