Configuring WAN Settings for Your Internet Connection

Use the Networking > WAN > WAN Settings to configure WAN settings by using the account information provided by your ISP. If you have two ISP links, you can configure one for WAN1 and another for WAN2.

Proceed as needed:

 • Release or renew a DHCP WAN connection

 • Configure the primary WAN

 • Configure a secondary WAN

Release or renew a DHCP WAN connection

If a WAN interface is configured to obtain an IP address from the ISP by using Dynamic Host Configuration Protocol (DHCP), you can click the Release icon to release its IP address, or click the Renew icon to obtain a new IP address.

Configure the primary WAN

To configure the settings for the primary WAN (WAN1), click the Edit (pencil) icon. Then use the WAN - Add/Edit page to configure the connection. If you enabled IPv4/IPv6 routing mode, complete both tabbed pages. Click OK to save your settings. Click Save to apply your settings to the security appliance.

For IPv4 routing mode, enter the following information on the IPv4 tab:

 • Physical Port: The physical port associated with the primary WAN.

 • WAN Name: The name of the primary WAN (WAN1).

 • IP Address Assignment: Depending on the requirements of your ISP, choose the network addressing mode and complete the corresponding settings. The security appliance supports DHCP Client, Static IP, PPPoE, PPTP, and L2TP. For information on configuring network addressing mode, see Network Addressing Mode.

 • DNS Server Source: DNS servers map Internet domain names to IP addresses. You can get DNS server addresses automatically from your ISP or use ISP-specified addresses.

 – Get Dynamically from ISP: Choose this option if you have not been assigned a static DNS IP address.

 – Use these DNS Servers: Choose this option if you have assigned a static DNS IP address. Also enter the addresses in the DNS1 and DNS2 fields.

 • MAC Address Source: Specify the MAC address for the primary WAN. Typically, you can use the unique 48-bit local Ethernet address of the security appliance as your MAC address source.

 – Use Default MAC Address: Choose this option to use the default MAC address.

 – Use the following MAC address: If your ISP requires MAC authentication and another MAC address has been previously registered with your ISP, choose this option and enter the MAC address that your ISP requires for this connection.

 • MAC Address: Enter the MAC address, for example 01:23:45:67:89:ab.

 • Zone: Choose the default WAN zone or an untrusted zone for the primary WAN. You can click the Create Zone link to view, edit, or add the zones on the security appliance.

For IPv4/IPv6 routing mode, enter the following information on the IPv6 tab:

 • IP Address Assignment: Choose Static IP if your ISP assigned a fixed (static or permanent) IP address, or choose SLAAC if you were not assigned a static IP address. By default, your security appliance is configured to be a DHCPv6 client of the ISP, with stateless address auto-configuration (SLAAC).

 – SLAAC: SLAAC provides a convenient method to assign IP addresses to IPv6 nodes. This method does not require any human intervention from an IPv6 user. If you choose SLAAC, the security appliance can generate its own addresses using a combination of locally available information and information advertised by routers.

 – Static IP: If your ISP assigned a static IPv6 address, configure the IPv6 WAN connection in the following fields:

IPv6 Address: Enter the static IP address that was provided by your ISP.

IPv6 Prefix Length: The IPv6 network (subnet) is identified by the initial bits of the address called the prefix. All hosts in the network have the identical initial bits for their IPv6 address. Enter the number of common initial bits in the network’s addresses. The default prefix length is 64.

Default IPv6 Gateway: Enter the IPv6 address of the gateway for your ISP. This is usually provided by the ISP or your network administrator.

Primary DNS Server: Enter a valid IP address of the primary DNS server.

Secondary DNS Server (Optional): Optionally, enter a valid IP address of the secondary DNS server.

Configure a secondary WAN

To configure a secondary WAN (WAN2), click Add. Then use the WAN - Add/Edit page to configure the connection. If you enabled IPv4/IPv6 routing mode, complete both tabbed pages, as described for the primary WAN interface. Click OK to save your settings in the pop-up window. Click Save to apply your settings to the security appliance. To determine how the two ISP links are used, configure the WAN redundancy settings. See Configuring WAN Redundancy.

 • If you are having problems with your WAN connection, see Internet Connection, page 383.

Network Addressing Mode

The security appliance supports five types of network addressing modes. You need to specify the network addressing mode for the primary WAN and the secondary WAN depending on your ISP requirements.

Note Confirm that you have proper network information from your ISP or a peer router to configure the security appliance to access the Internet.

Network Addressing Mode

Configuration

DHCP Client

Connection type often used with cable modems. Choose this option if your ISP dynamically assigns an IP address on connection.

NOTE: Unless a change is required by your ISP, it is recommended that the MTU values be left as is.

 • MTU: The Maximum Transmission Unit is the size, in bytes, of the largest packet that can be passed on. Choose Auto to use the default MTU size, or choose Manual if you want to specify another size.

 • MTU Value: If you choose Manual, enter the custom MTU size in bytes.

Static IP

Choose this option if the ISP provides you with a static (permanent) IP address and does not assign it dynamically. Use the corresponding information from your ISP to complete the following fields:

 • IP Address: Enter the IP address of the WAN port that can be accessible from the Internet.

 • Subnet Mask: Enter the IP address of the subnet mask.

 • Gateway: Enter the IP address of default gateway.

 • MTU: The Maximum Transmission Unit is the size, in bytes, of the largest packet that can be passed on. Choose Auto to use the default MTU size, or choose Manual if you want to specify another size.

 • MTU Value: If you choose Manual, enter the custom MTU size in bytes.

PPPoE

PPPoE uses Point to Point Protocol over Ethernet (PPPoE) to connect to the Internet. Choose this option if your ISP provides you with client software, username, and password. Use the necessary PPPoE information from your ISP to complete the PPPoE configuration.

 • User Name: Enter the username that is required to log into the ISP.

 • Password: Enter the password that is required to log into the ISP.

 • Authentication Type: Choose the authentication type specified by your ISP.

 • Connect Idle Time: Choose this option to let the security appliance disconnect from the Internet after a specified period of inactivity (Idle Time). This choice is recommended if your ISP fees are based on the time that you spend online.

 • Keep alive: Choose this option to keep the connection always on, regardless of the level of activity. This choice is recommended if you pay a flat fee for your Internet service.

 • MTU: Choose Auto to use the default MTU size, or choose Manual if you want to specify another size.

 • MTU Value: If you choose Manual, enter the custom MTU size in bytes.

 • Add VLAN Tag: Click Yes to support VLAN Tagging (802.1q) over the WAN port, or click No to disable it.

 • VLAN Tag ID: Specify the VLAN tag (ID) to the WAN port.

 • Reset Timer: You can reset the PPPoE connection at a given time of a day and day of a week. The reset events are logged if you enable this feature. Choose one of the following options from the Frequency drop-down list and specify the corresponding settings:

 – Never: Choose this option to disable this feature.

 – Daily: Choose this option to reset the PPPoE connection at a given time of a day. Specify the time of a day in the Time fields.

 – Weekly: Choose this option to reset the PPPoE connection at a given day of a week. Then specify the day of a week and the time of a day.

PPTP

The PPTP protocol is typically used for VPN connection. Use the necessary information from your ISP to complete the PPTP configuration:

 • IP Address: Enter the IP address of the WAN port that can be accessible from the Internet.

 • Subnet Mask: Enter the subnet mask.

 • Gateway: Enter the IP address of default gateway.

 • User Name: Enter the username that is required to log into the PPTP server.

 • Password: Enter the password that is required to log into the PPTP server.

 • PPTP Server IP Address: Enter the IP address of the PPTP server.

 • MPPE Encryption: Microsoft Point-to-Point Encryption (MPPE) encrypts data in PPP-based dial-up connections or PPTP VPN connections. Check this box to enable the MPPE encryption to provide data security for the PPTP connection that is between the VPN client and the VPN server.

 • Connect Idle Time: Choose this option to let the security appliance disconnect from the Internet after a specified period of inactivity (Idle Time). This choice is recommended if your ISP fees are based on the time that you spend online.

 • Keep alive: Choose this option to keep the connection always on, regardless of the level of activity. This choice is recommended if you pay a flat fee for your Internet service.

 • MTU: Choose Auto to use the default MTU size, or choose Manual if you want to specify another size.

 • MTU Value: If you choose Manual, enter the custom MTU size in bytes.

L2TP

Choose this option if you want to use IPsec to connect a L2TP (Layer 2 Tunneling Protocol) server and encrypt all data transmitted from the client to the server. However, it does not encrypt network traffic to other destinations. Use the necessary information from your ISP to complete the L2TP configuration:

 • IP Address: Enter the IP address of the WAN port that can be accessible from the Internet.

 • Subnet Mask: Enter the subnet mask.

 • Gateway: Enter the IP address of default gateway.

 • User Name: Enter the username that is required to log into the L2TP server.

 • Password: Enter the password that is required to log into the L2TP server.

 • L2TP Server IP Address: Enter the IP address of the L2TP server.

 • Secret (Optional): L2TP incorporates a simple, optional, CHAP-like tunnel authentication system during control connection establishment. Enter the secret for tunnel authentication if necessary.

 • Connect Idle Time: Choose this option to let the security appliance disconnect from the Internet after a specified period of inactivity (Idle Time). This choice is recommended if your ISP fees are based on the time that you spend online.

 • Keep alive: Choose this option to keep the connection always on, regardless of the level of activity. This choice is recommended if you pay a flat fee for your Internet service.

 • MTU: Choose Auto to use the default MTU size, or choose Manual if you want to specify another size.

 • MTU Value: If you choose Manual, enter the custom MTU size in bytes.