Static Routes

The following procedure shows how to integrate the firewall into the network using static routing.
  1. Configure a default route to your internet router.
    1. Select
      Network
      Virtual Router
      and then select the
      default
      link to open the Virtual Router dialog.
    2. Select the
      Static Routes
      tab and click
      Add
      . Enter a
      Name
      for the route and enter the route in the
      Destination
      field (for example, 0.0.0.0/0).
    3. Select the
      IP Address
      radio button in the
      Next Hop
      field and then enter the IP address and netmask for your internet gateway (for example, 208.80.56.1).
    4. Click
      OK
      twice to save the virtual router configuration.
  2. Configure the external interface (the interface that connects to the internet).
    1. Select
      Network
      Interfaces
      and then select the interface you want to configure. In this example, we are configuring Ethernet1/3 as the external interface.
    2. Select the
      Interface Type
      . Although your choice here depends on your network topology, this example shows the steps for
      Layer3
      .
    3. In the
      Virtual Router
      drop-down, select
      default
      .
    4. On the
      Config
      tab, select
      New Zone
      from the
      Security Zone
      drop-down. In the Zone dialog, define a
      Name
      for new zone, for example Untrust, and then click
      OK
      .
    5. To assign an IP address to the interface, select the
      IPv4
      tab and
      Static
      radio button. Click
      Add
      in the IP section, and enter the IP address and network mask to assign to the interface, for example 208.80.56.100/24.
    6. To enable you to ping the interface, select
      Advanced
      Other Info
      , expand the
      Management Profile
      drop-down, and select
      New Management Profile
      . Enter a
      Name
      for the profile, select
      Ping
      and then click
      OK
      .
    7. To save the interface configuration, click
      OK
      .
  3. Configure the interface that connects to your internal network.
    In this example, the interface connects to a network segment that uses private IP addresses. Because private IP addresses cannot be routed externally, you will have to configure NAT. See Configure NAT for details.
    1. Select
      Network
      Interfaces
      and select the interface you want to configure. In this example, we are configuring Ethernet1/4 as the internal interface.
    2. Select
      Layer3
      from the
      Interface Type
      drop-down.
    3. On the
      Config
      tab, expand the
      Security Zone
      drop-down and select
      New Zone
      . In the Zone dialog, define a
      Name
      for new zone, for example Trust, and then click
      OK
      .
    4. Select the same Virtual Router you used in the previous step, default in this example.
    5. To assign an IP address to the interface, select the
      IPv4
      tab and the
      Static
      radio button, click
      Add
      in the IP section, and enter the IP address and network mask to assign to the interface, for example 192.168.1.4/24.
    6. To enable you to ping the interface, select the management profile that you created in Step 2f.
    7. To save the interface configuration, click
      OK
      .
  4. Configure the interface that connects to the DMZ.
    1. Select the interface you want to configure.
    2. Select
      Layer3
      from the
      Interface Type
      drop-down. In this example, we are configuring Ethernet1/13 as the DMZ interface.
    3. On the
      Config
      tab, expand the
      Security Zone
      drop-down and select
      New Zone
      . In the Zone dialog, define a
      Name
      for new zone, for example DMZ, and then click
      OK
      .
    4. Select the Virtual Router you used in Step 2, default in this example.
    5. To assign an IP address to the interface, select the
      IPv4
      tab and the
      Static
      radio button, click
      Add
      in the IP section, and enter the IP address and network mask to assign to the interface, for example 10.1.1.1/24.
    6. To enable you to ping the interface, select the management profile that you created in Step 2f.
    7. To save the interface configuration, click
      OK
      .
  5. Save the interface configuration.
    Click
    Commit
    .
  6. Cable the firewall.
    Attach straight through cables from the interfaces you configured to the corresponding switch or router on each network segment.
  7. Verify that the interfaces are active.
    From the web interface, select
    Network
    Interfaces
    and verify that icon in the Link State column is green. You can also monitor link state from the
    Interfaces
    widget on the
    Dashboard
    .

Related Documentation