This lesson will illustrate the steps
necessary to configure all of the network interfaces of the Endian
appliance after the initial configuration.
The last step is to apply the configuration to the device. Keep in
mind that the changes you made may take up to 20 seconds to be fully applied
to the device and for dependent services to be restarted, so internal devices may temporarily be unable to access the device or pass traffic through it.
You must access the administration interface of the Endian device using
the new IP settings, either manually or using the link provided in the
Web UI.
Endian Network Architecture
Before we begin the configuration process, please take a moment to
familiarize yourself with the color-coded network zones available in the
Endian platform and how they are intended to be used (pictured above).
Choose RED (WAN) Interface Type
The first step is to choose the connection type of your primary WAN
interface. In most cases the proper selection is either Ethernet Static
or DHCP unless you require one of the other specific connection types.
Click the Forward button to continue.
Note
If you require a configuration where you will not need
a Red (WAN) interface, you can select Gateway as the connection type
and this will allow you to deploy the Endian in a semi-transparent
configuration. This option will allow you to deploy the Endian into a
network using the Green (LAN) interface as your primary network
connection and using an existing gateway that lives within the Green
network.
Add Network Zones
The next option allows you to select any additional network zones
you wish to have configured on your Endian appliance. The available
options depend on the total number of available Ethernet NICs on
the Endian device. Your options could include adding the Blue zone (Wi-Fi), the Orange zone (DMZ), or both. Click the Forward button to continue.
Configure Network Zones
The next step involves configuring the actual IP address you want
assigned to the Endian device for each existing network zone. The
default Green IP is provided for you but you can use any IP address and
subnet you wish. You are also allowed to add additional networks that
may co-exist within each single network zone. An example of where this
might be used is if you host multiple internal subnets that all need to
exist within the same network segment (within one zone).
The next item is a graphical representation of the available physical network interfaces and which zone they are mapped to. You may check or uncheck one or more network interfaces to belong to a network zone (at least one is required), and you may have more than one physical interface per zone; however, you cannot have one physical interface belong to more than one zone. A network zone with multiple network interfaces will act as a bridge and mimic the behavior of a switch, though using an actual physical switch is recommended where performance and efficiency are desired. Next to each network interface port is (1) the link status, which indicates whether a device is actually connected to the port, (2) the NIC device driver description, (3) the network MAC address, and (4) the operating system physical device name.
The last two items are the host and domain name you want assigned to the Endian device itself. Click the Forward button to continue.
Note
It is suggested to follow the standards described in
RFC 1918 and use only IP addresses contained in the networks reserved
for private use by the Internet Assigned Numbers Authority (IANA):
- 10.0.0.0 - 10.255.255.255 (10.0.0.0/8), 16,777,216 addresses
- 172.16.0.0 - 172.31.255.255 (172.16.0.0/12), 1,048,576 addresses
- 192.168.0.0 - 192.168.255.255 (192.168.0.0/16), 65,536 addresses
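A way to check a zone plan on paper before entering it in the wizard (an added example, not Endian code): it applies the rules above, namely at least one interface per zone, no interface in two zones, and RFC 1918 addressing. The sample plan, its addresses and NIC names are constructed, and the overlap test between zones is an added sanity check that the page does not state.

```python
import ipaddress

# Constructed sample plan: zone names follow the page; the addresses and
# NIC names are assumptions made up for this example (IPv4 only).
PLAN = {
    "GREEN":  {"networks": ["192.168.0.15/24", "10.10.0.1/16"], "nics": ["eth0", "eth3"]},
    "ORANGE": {"networks": ["172.16.5.1/24"], "nics": ["eth2"]},
    "BLUE":   {"networks": ["10.10.20.1/24"], "nics": ["eth3"]},
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_plan(plan):
    """Return a list of human-readable problems found in a zone plan."""
    problems = []
    seen_nets = []   # (zone, network) pairs already processed
    nic_owner = {}   # NIC name -> first zone that claimed it
    for zone, cfg in plan.items():
        # Rule from the page: every zone needs at least one interface.
        if not cfg["nics"]:
            problems.append(f"{zone}: no interface assigned")
        # Rule from the page: one physical interface, one zone.
        for nic in cfg["nics"]:
            if nic in nic_owner:
                problems.append(f"{nic}: assigned to both {nic_owner[nic]} and {zone}")
            else:
                nic_owner[nic] = zone
        for text in cfg["networks"]:
            net = ipaddress.ip_interface(text).network
            # Suggestion from the page: stay inside RFC 1918 space.
            if not any(net.subnet_of(r) for r in RFC1918):
                problems.append(f"{zone}: {net} is outside RFC 1918 space")
            # Added check: the same addresses must not appear in two zones.
            for other_zone, other in seen_nets:
                if other_zone != zone and net.overlaps(other):
                    problems.append(f"{zone}: {net} overlaps {other} in {other_zone}")
            seen_nets.append((zone, net))
    return problems


if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```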
Configure Red (WAN) Interface
Now you can configure the Red (WAN) interface according to your ISP
connection type (as selected during Step 1). The configuration is
identical to the previous step where you must configure the IP, subnet,
and gateway (if necessary), select the appropriate physical interface to
use for the Red (WAN) connection, and fill out any other ISP connection
specific fields.
If you have multiple public IP addresses assigned, you may enter each IP in the "Add additional addresses" field (1). You should list each individual IP in either IP/Netmask or IP/CIDR format with one entry per line (Example: 29.150.10.5/24, 29.150.10.6/24, ...).
The MTU option lets you manually enter a custom value for the interface MTU size and is not recommended unless instructed by your ISP. The "Spoof MAC address with" option is really only useful for situations where your ISP modem has a "sticky" connection and requires that your Internet MAC address always stay the same. This option allows you to configure the Endian to "forge" its Red interface MAC address so you do not lose your ISP connection.
Click the Forward button to continue.
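A pre-check for the text you intend to paste into the "Add additional addresses" field (an added example, not Endian code, and not a statement of what the Web UI itself accepts): it reads one entry per line in IP/Netmask or IP/CIDR form, normalizes both to CIDR, and reports lines that break the format. The field content below is constructed from the page's two example addresses plus deliberately bad lines.

```python
import ipaddress

# Constructed field content: the page's example addresses plus bad lines
# (a duplicate, a missing mask, two entries on one line, an invalid octet).
FIELD_TEXT = """29.150.10.5/24
29.150.10.6/255.255.255.0
29.150.10.5/24
29.150.10.7
29.150.10.8/24, 29.150.10.9/24
29.150.10.300/24
"""


def parse_additional_addresses(text):
    """Return (accepted CIDR strings, [(line_no, line, reason), ...])."""
    accepted, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # The page asks for IP/Netmask or IP/CIDR, so a bare IP is rejected
        # here rather than silently treated as a /32.
        if "/" not in line:
            rejected.append((line_no, line, "missing netmask or prefix length"))
            continue
        try:
            # Accepts both 1.2.3.4/24 and 1.2.3.4/255.255.255.0.
            iface = ipaddress.IPv4Interface(line)
        except ValueError:
            rejected.append((line_no, line, "not a valid IP/Netmask or IP/CIDR entry"))
            continue
        cidr = iface.with_prefixlen
        if cidr in accepted:
            rejected.append((line_no, line, "duplicate of an earlier entry"))
        else:
            accepted.append(cidr)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = parse_additional_addresses(FIELD_TEXT)
    print("\n".join(ok))
    for line_no, line, reason in bad:
        print(f"line {line_no}: {line!r}: {reason}")
```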
Configure DNS
This option is only required if you are not using some form of DHCP
for your Red (WAN) connection. You should fill in your ISP-provided or
preferred public DNS servers in these fields. Click the Forward button to continue.
Setup Email Information (Optional)
Here you can provide the administrator (recipient) email account
along with the Endian (sender) address you want emails from the Endian
firewall to use. Also you may specify the address of an email smarthost
should you require one. Click the Forward button to continue.