Another way to get a dynamically assigned address for a Firebox external interface is to use a PPPoE server. When you do this, your ISP gives you the user name and password. In this exercise, we configure a Successful Company interface to use PPPoE.
After you configure an external interface to use PPPoE, you can optionally configure secondary PPPoE interfaces on the PPPoE tab.
In the Network Configuration dialog box:
1. In the Interfaces list, select Optional-2 (Interface 3). Click Configure.
The Interface Settings dialog box opens.
2. In the Interface Type drop-down list, select External.
3. In the Interface Name text box, type BackupInternet.
4. In the Interface Description text box, type Use when primary connection fails.
5. Select Use PPPoE.
6. In the User Name text box, type the PPPoE user name.
For this exercise, type username.
7. Type and confirm the PPPoE passphrase.
For this exercise, type passphrase.
8. Click OK.
PPPoE appears in the IP address column in the Network Configuration dialog box.
The external interface must be configured with a static IP address for the exercises in the VPN modules later in this training. If you configured the external interface for DHCP or PPPoE, at the end of this exercise set the external interface to use a static IP address.
Exercise 2 — Configure a Trusted Interface as a DHCP Server
In this exercise, we use Policy Manager to configure a trusted interface on the Successful Company Firebox as a DHCP server. The size of the IP address pool controls the number of hosts that the DHCP server can assign IP addresses to.
In the IP addresses for this exercise, replace X with your student number.
1. Select Network > Configuration.
2. In the Interfaces list, select Trusted (Interface 1). Click Configure.
The Interface Settings dialog box opens.
3. In the Interface Name text box, type OurLAN.
4. In the Interface Type drop-down list, make sure that Trusted is selected.
5. In the IP address text box, type 10.0.X.1/24. Replace X with your student number.
6. Select the Use DHCP Server radio button.
7. In the Address Pool section, select the existing address pool and click Delete.
8. Click Add.
9. In the Starting address text box, type 10.0.X.100.
10. In the Ending address text box, type 10.0.X.200.
11. Click OK.
12. From the Leasing Time drop-down list, select 24 hours.
13. Click OK.
14. Save the configuration to the device.
If you changed the IP address of the trusted interface you connect to, make sure your computer gets a new IP address on the same subnet. Then, reconnect to the device on the new IP address.
With this configuration, the DHCP server can assign up to 101 IP addresses to DHCP clients. After the DHCP server has assigned all 101 IP addresses, if any other DHCP client requests an IP address, the request fails, and that client cannot connect.
Exercise 3 — Configure an Optional Interface
Optional interfaces are commonly used for servers which are used by both the public and members of your organization, such as HTTP and FTP servers. In this exercise, we configure an optional network that Successful Company can use for their public servers.
The settings for an optional interface are exactly the same as for a trusted interface. The only difference between trusted and optional interfaces is that trusted interfaces belong to the alias Any-Trusted, and optional interfaces belong to the alias Any-Optional.
1. Select Network > Configuration.
The Network Configuration dialog box appears.
2. Select the Interfaces tab.
3. In the Interfaces list, select Optional-1 (Interface 2). Click Configure.
The Interface Settings dialog box appears.
4. From the Interface Type drop-down list, select Optional.
5. In the Interface Name text box, type PublicServers.
6. In the Interface Description text box, type Servers used by customers and vendors.
7. In the IP Address text box, keep the default network IP address of 10.0.2.1/24.
8. Make sure Disable DHCP is selected.
Because this network does not use DHCP, no further configuration is necessary.
9. Click OK.
The new settings appear for Interface 2.
Exercise 4 — Configure WINS/DNS Server Information
Several Fireware features operate correctly only if you use a WINS/DNS server on your trusted network. These features include Gateway AntiVirus, Intrusion Prevention Service, spamBlocker, and Mobile VPN (Virtual Private Networks). In this exercise, we use Policy Manager to configure the Successful Company Firebox to use WINS/DNS servers on the OurLAN and PublicServers networks.
Your instructor may provide a WINS/DNS server on the training network.
In the IP addresses in this exercise, replace X with your student number.
1. Select Network > Configuration.
The Network Configuration dialog box appears.
2. Select the WINS/DNS tab.
3. In the Domain Name text box, type example.com.
4. In the DNS Servers text box, type 10.0.X.53 and click Add.
In the DNS Servers text box, type 10.0.2.53 and click Add.
These are the IP addresses of the internal DNS servers for this exercise.
You are not required to enter more than one DNS server. However, we recommend that you add more than one DNS server to make sure that users can still get DNS name resolution when the primary server is not available.
5. In the WINS Servers text boxes, type 10.0.X.53 and 10.0.2.53.
These are the IP addresses for the internal WINS servers for this exercise.
6. Click OK.
Exercise 5 — Configure a Secondary Network
A secondary network is a network that shares one of the same physical networks as one of the Firebox interfaces. In this exercise, we use Policy Manager to add a secondary network to the Successful Company OurLAN trusted network.
In the IP address in this exercise, replace X with your student number.
1. Select Network > Configuration.
The Network Configuration dialog box appears.
2. Select the Interfaces tab.
3. In the Interfaces list, select OurLAN (Interface 1). Click Configure.
The Interface Settings dialog box appears.
4. Select the Secondary tab.
5. Click Add.
The Add a secondary network dialog box appears.
6. In the IP Address text box, type 172.16.X.1/24. Click OK.
7. Click OK to close the Interface Settings dialog box.
8. Click OK to close the Network Configuration dialog box.
9. Save the configuration file.
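The following Python check is an added example, not part of the original training material. It models the addressing used in Exercises 2 through 5 and reports conflicts before the configuration is saved: a DHCP pool that falls outside its subnet or covers the interface address or a static server, and networks that overlap (which happens when the student number X is 2, because OurLAN then uses the same 10.0.2.0/24 network as PublicServers). The function names and the dictionary layout are hypothetical.

```python
import ipaddress

def pool_size(start, end):
    """Number of leases in an inclusive DHCP range."""
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1

def check_plan(interfaces, static_hosts):
    """Return findings for an addressing plan (empty list means no conflicts)."""
    findings, nets = [], []
    statics = [ipaddress.ip_address(h) for h in static_hosts]
    for name, cfg in interfaces.items():
        iface = ipaddress.ip_interface(cfg["cidr"])
        nets.append((name, iface.network))
        for sec in cfg.get("secondary", []):
            nets.append((name + " secondary", ipaddress.ip_interface(sec).network))
        if not cfg.get("pool"):
            continue  # DHCP is disabled on this interface
        lo, hi = (ipaddress.ip_address(a) for a in cfg["pool"])
        if lo not in iface.network or hi not in iface.network:
            findings.append(f"{name}: pool is outside {iface.network}")
        if lo <= iface.ip <= hi:
            findings.append(f"{name}: pool contains interface address {iface.ip}")
        for host in statics:
            if lo <= host <= hi:
                findings.append(f"{name}: static host {host} is inside the DHCP pool")
    # Flag any two configured networks that cover the same address space.
    for i, (n1, a) in enumerate(nets):
        for n2, b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"{n1} {a} overlaps {n2} {b}")
    return findings

def training_plan(x):
    """Addresses from Exercises 2 through 5 for student number x."""
    interfaces = {
        "OurLAN": {"cidr": f"10.0.{x}.1/24",
                   "pool": (f"10.0.{x}.100", f"10.0.{x}.200"),
                   "secondary": [f"172.16.{x}.1/24"]},
        "PublicServers": {"cidr": "10.0.2.1/24", "pool": None},
    }
    return interfaces, [f"10.0.{x}.53", "10.0.2.53"]

if __name__ == "__main__":
    # Student numbers 7 and 2 are constructed sample inputs.
    for x in (7, 2):
        interfaces, statics = training_plan(x)
        print(x, pool_size(*interfaces["OurLAN"]["pool"]), check_plan(interfaces, statics))
```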