Restricting Access To The Edge Optional Interface By Mac Address; Making Static Routes; Using Slash Notation - Watchguard Firebox X20E User Manual

To configure the Edge to allow wireless connections through the optional interface, see the "Firebox X
Edge e-Series Wireless Setup" chapter.

Restricting access to the Edge optional interface by MAC address

You can control access to the Firebox® X Edge e-Series optional interface by computer hardware (MAC)
address. If this feature is enabled, and the MAC address of a computer that tries to connect to the Edge
optional network is not included in this configuration, the connection fails.
To connect to the System Status page, type https:// in the browser address bar, and the IP
1
address of the Firebox X Edge trusted interface.
The default URL is: https://192.168.111.1
From the navigation bar, select Network > Optional and click the Allowed MAC Addresses tab.
2
Select the Restrict Access by Hardware MAC Address check box.
3
Click Scan to have the Edge find all known hardware addresses on the network. If you want the
4
Edge to try to resolve host names for all Windows computers it finds during the scan process,
make sure the Try to resolve Windows host names during scan check box is selected. This can
make the scan procedure take more time.
Select one or more devices that you want to add to your list of allowed MAC addresses for this
5
interface. Press and hold the CTRL key to select more than one device. You can select from more
than one column at the same time. Click OK to add the device or devices to your list of allowed
MAC addresses.
To manually add a hardware address and its host name to your configuration, click Add.
6
Select the Log attempted access from MAC addresses not in the list check box if you want the
7
Edge to generate a log message each time a computer whose hardware address is not in the list
tries to get access to the Edge.
Click Submit
8

Making Static Routes

You can configure the Firebox® X Edge e-Series to send traffic to networks that are behind routers
when you add static routes to these networks.

Using slash notation

A host is one computer. A network is more than one computer that uses a range of IP addresses. To
make a static route that uses a network address instead of one host IP, you must enter the range of sub-
net masks. The subnet mask, similar to an IP address, is a 32-bit address that is made of four octets. An
octet is an 8-bit sequence. For example, the decimal representation of the basic class C subnet mask
255.255.255.0 can also be written as: 11111111.11111111.11111111.00000000. In a subnet mask, the 1
shows the bits reserved for the network address. The zero shows the bits available for the host
addresses. When you write a subnet mask, a group of eight 1's is represented by 255 because there are
two hundred and fifty-five possible addresses in that range. A network address can be written as
192.168.1.1 with a subnet mask 255.255.255.0. For more information on network addressing and sub-
net masks, see "Identifying Your Network Settings" on page 11.
The Firebox® X Edge e-Series uses slash notation to show the subnet mask for a network. When you
show the subnet mask as a decimal as in the example above, count each 1 in the binary subnet mask. In
this example, there are twenty-four. The subnet 255.255.255.0 is shown by /24 in slash notation.
User Guide
.
Making Static Routes
69