Configuration Of The Interface" Tab - Stormshield SN series Configuration Manual

"Configuration of the interface" tab

Name (mandatory)
Comments
VLANs attached to the
interface
Color
This interface is
GRETAP tunnel address
Tunnel source
Tunnel destination
Address range
None (interface
disabled)
Dynamic IP (obtained
by DHCP)
Address range
inherited from the
bridge
Fixed IP (static)
Page 203/448
Name given to the GRETAP interface. (See warning in the introduction to the chapter
on Interfaces)
Allows you to enter comments regarding the interface.
List of VLANs attached to the selected interface.
The appliance does not need to be systematically rebooted whenever a VLAN is
deleted.
Color assigned to the interface.
An interface can either be "internal (protected)" or "external (public)".
If you select "internal (protected)", you are indicating that this interface is protected.
This protection includes the memorization of machines that have logged on to this
interface, conventional traffic security mechanisms (TCP) and implicit rules for
services offered by the firewall such as DHCP (see the chapter Implicit rules).
Protected interfaces are represented by a shield (
If you select "external (public)", you are indicating that this part of the network is
linked up to the internet. In most cases, the external interface, linked up to the
internet, has to be in external mode. The shield icon disappears when this option is
selected.
Select the network object that corresponds to the bridge that supports the GRETAP
interface.
Select (or create) the network object that corresponds to the public address of the
appliance that hosts the remote GRETAP interface.
By selecting/unselecting this option, the interface will be enabled/disabled. By
disabling an interface, it becomes unusable. In terms of use, this may correspond to
an interface to be used in the near or distant future, but which is not active. An
interface which has been disabled because it is not in use is an example of an
additional security measure against intrusions.
The assigned IP address can be matched to a domain name via a DNS service provider
(dyndns.org for example) in order to contact this firewall without having to know its IP
address. This option is used when your firewall does not have a static IP address (e.g.,
your service provider, or DHCP renews its IP address regularly).
This feature can be enabled by selecting a dynamic DNS account that you would have
configured earlier. The configuration of dynamic DNS clients is explained further in the
document Dynamic DNS module.
This field allows specifying to the firewall that the configuration of the bridge (IP
address and mask) is defined by DHCP. In this case, the "DHCP" zone in the Advanced
properties tab will be enabled.
If the interface is part of a bridge, the address range of the bridge can be retrieved.
By selecting this option, the interface will have a static address range. In this case, its
IP address and the mask of the sub-network to which the interface belongs, have to
be indicated.
SNS - USER CONFIGURATION MANUAL V.3
).
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
INTERFACES