Configuring WAN Settings for Your Internet
Connection
Use the Networking > WAN > WAN Settings to
configure WAN settings by using the account information provided by your
ISP. If you have two ISP links, you can configure one for WAN1 and another
for WAN2.
Proceed as needed:
• Release or
renew a DHCP WAN connection
• Configure
the primary WAN
• Configure
a secondary WAN
Release or renew a DHCP WAN connection
If a WAN interface is configured to obtain an IP
address from the ISP by using Dynamic Host Configuration Protocol (DHCP),
you can click the Release icon to release
its IP address, or click the Renew
icon to obtain a new IP address.
Configure the primary WAN
To configure the settings for the primary WAN (WAN1),
click the Edit (pencil) icon. Then
use the WAN - Add/Edit page to configure the connection. If you enabled
IPv4/IPv6 routing mode, complete both tabbed pages. Click OK to save your settings. Click Save to apply your settings to the security
appliance.
For IPv4 routing mode, enter the following information
on the IPv4 tab:
• Physical Port: The physical port associated
with the primary WAN.
• WAN Name: The name of the primary WAN (WAN1).
• IP Address Assignment: Depending on the requirements
of your ISP, choose the network addressing mode and complete the corresponding
settings. The security appliance supports DHCP Client, Static IP, PPPoE, PPTP, and
L2TP. For information on configuring network addressing mode, see Network Addressing
Mode.
• DNS Server Source: DNS servers map Internet
domain names to IP addresses. You can get DNS server addresses automatically
from your ISP or use ISP-specified addresses.
– Get
Dynamically from ISP: Choose this option
if you have not been assigned a static DNS IP address.
– Use
these DNS Servers: Choose this option
if you have assigned a static DNS IP address. Also enter the addresses
in the DNS1 and DNS2 fields.
• MAC Address Source: Specify the MAC address
for the primary WAN. Typically, you can use the unique 48-bit local Ethernet
address of the security appliance as your MAC address source.
– Use Default MAC Address: Choose this option
to use the default MAC address.
– Use the following MAC address: If your ISP
requires MAC authentication and another MAC address has been previously
registered with your ISP, choose this option and enter the MAC address
that your ISP requires for this connection.
• MAC Address: Enter the MAC
address, for example 01:23:45:67:89:ab.
• Zone: Choose the default WAN zone or an untrusted
zone for the primary WAN. You can click the Create
Zone link to view, edit, or add the zones on the security
appliance.
For IPv4/IPv6 routing mode, enter the following
information on the IPv6 tab:
• IP Address Assignment: Choose Static IP if your ISP assigned a fixed (static
or permanent) IP address, or choose SLAAC if
you were not assigned a static IP address. By
default, your security appliance is configured to be a DHCPv6 client of the ISP,
with stateless address auto-configuration (SLAAC).
– SLAAC: SLAAC provides a convenient method
to assign IP addresses to IPv6 nodes. This method does not require any
human intervention from an IPv6 user. If you choose SLAAC, the security
appliance can generate its own addresses using a combination
of locally available information and information advertised by routers.
– Static IP: If your ISP assigned a static
IPv6 address, configure the IPv6 WAN connection in the following fields:
IPv6 Address: Enter
the static IP address that was provided by your ISP.
IPv6 Prefix Length: The
IPv6 network (subnet) is identified by the initial bits of the address
called the prefix. All hosts in the network have the identical initial
bits for their IPv6 address. Enter the number of common initial bits
in the network’s addresses. The default prefix length is 64.
Default IPv6 Gateway: Enter
the IPv6 address of the gateway for your ISP. This is usually provided
by the ISP or your network administrator.
Primary DNS Server: Enter
a valid IP address of the primary DNS server.
Secondary DNS Server (Optional):
Optionally, enter a valid IP address of the secondary DNS
server.
Configure a secondary WAN
To configure a secondary WAN (WAN2), click Add. Then use the WAN - Add/Edit page to
configure the connection. If you enabled IPv4/IPv6 routing mode, complete
both tabbed pages, as described for the primary WAN interface. Click
OK to save your settings in the pop-up
window. Click Save to apply your settings
to the security appliance. To determine how the two ISP links are used,
configure the WAN redundancy settings. See Configuring
WAN Redundancy.
• If
you are having problems with your WAN connection, see Internet Connection, page 383.
Network Addressing Mode
The security appliance supports five types of network addressing modes.
You need to specify the network addressing mode for the primary WAN and
the secondary WAN depending on your ISP requirements.
Note Confirm that you have proper network information
from your ISP or a peer router to configure the security appliance to access the Internet.
Network Addressing Mode
|
Configuration
|
DHCP Client
|
Connection type often used with cable modems. Choose
this option if your ISP dynamically assigns an IP address on connection.
NOTE: Unless a
change is required by your ISP, it is recommended that the MTU values
be left as is.
• MTU: The Maximum Transmission Unit is the
size, in bytes, of the largest packet that can be passed on. Choose Auto to use the default MTU size, or choose
Manual if you want to specify another
size.
• MTU Value: If you choose Manual,
enter the custom MTU size in bytes.
|
Static IP
|
Choose this option if
the ISP provides you with a static (permanent) IP address and does not
assign it dynamically. Use the corresponding information from
your ISP to complete the following fields:
• IP Address: Enter the IP address of the WAN
port that can be accessible from the Internet.
• Subnet Mask: Enter the IP address of the
subnet mask.
• Gateway: Enter the IP address of default
gateway.
• MTU: The Maximum Transmission Unit is the
size, in bytes, of the largest packet that can be passed on. Choose Auto to use the default MTU size, or choose
Manual if you want to specify another
size.
• MTU Value: If you choose Manual,
enter the custom MTU size in bytes.
|
PPPoE
|
PPPoE uses Point to Point
Protocol over Ethernet (PPPoE) to connect to the Internet. Choose
this option if your ISP provides you with client
software, username, and password. Use the necessary PPPoE information
from your ISP to complete the PPPoE configuration.
• User Name: Enter the username that is required
to log into the ISP.
• Password: Enter the password that is required
to log into the ISP.
• Authentication Type: Choose the authentication
type specified by your ISP.
• Connect Idle Time: Choose this option to
let the security appliance disconnect from the Internet after a specified
period of inactivity (Idle Time). This choice is recommended if your
ISP fees are based on the time that you spend online.
• Keep alive: Choose this option to keep the
connection always on, regardless of the level of activity. This choice
is recommended if you pay a flat fee for your Internet service.
• MTU: Choose Auto
to use the default MTU size, or choose Manual
if you want to specify another size.
• MTU Value: If you choose Manual,
enter the custom MTU size in bytes.
• Add VLAN Tag: Click Yes
to support VLAN Tagging (802.1q) over the WAN port, or click No to disable it.
• VLAN Tag ID: Specify the VLAN tag (ID) to
the WAN port.
• Reset Timer: You can reset the PPPoE connection
at a given time of a day and day of a week. The reset events are logged
if you enable this feature. Choose one of the following options from
the Frequency drop-down list and specify
the corresponding settings:
– Never: Choose this option to disable this
feature.
– Daily: Choose this option to reset the PPPoE
connection at a given time of a day. Specify the time of a day in the
Time fields.
– Weekly: Choose this option to reset the PPPoE
connection at a given day of a week. Then specify the day of a week and
the time of a day.
|
PPTP
|
The PPTP protocol is typically
used for VPN connection. Use the necessary information from your
ISP to complete the PPTP configuration:
• IP Address: Enter the IP address of the WAN
port that can be accessible from the Internet.
• Subnet Mask: Enter the subnet mask.
• Gateway: Enter the IP address of default
gateway.
• User Name: Enter the username that is required
to log into the PPTP server.
• Password: Enter the password that is required
to log into the PPTP server.
• PPTP Server IP Address: Enter the IP address
of the PPTP server.
• MPPE Encryption: Microsoft Point-to-Point
Encryption (MPPE) encrypts data in PPP-based dial-up connections or PPTP
VPN connections. Check this box to enable the MPPE encryption to provide
data security for the PPTP connection that is between the VPN client
and the VPN server.
• Connect Idle Time: Choose this option to
let the security appliance disconnect from the Internet after a specified
period of inactivity (Idle Time). This choice is recommended if your
ISP fees are based on the time that you spend online.
• Keep alive: Choose this option to keep the
connection always on, regardless of the level of activity. This choice
is recommended if you pay a flat fee for your Internet service.
• MTU: Choose Auto
to use the default MTU size, or choose Manual
if you want to specify another size.
• MTU Value: If you choose Manual,
enter the custom MTU size in bytes.
|
L2TP
|
Choose this option if
you want to use IPsec to connect a L2TP (Layer
2 Tunneling Protocol) server and encrypt all data transmitted from the
client to the server. However, it does not encrypt network traffic to
other destinations. Use the necessary
information from your ISP to complete the L2TP configuration:
• IP Address: Enter the IP address of the WAN
port that can be accessible from the Internet.
• Subnet Mask: Enter the subnet mask.
• Gateway: Enter the IP address of default
gateway.
• User Name: Enter the username that is required
to log into the L2TP server.
• Password: Enter the password that is required
to log into the L2TP server.
• L2TP Server IP Address: Enter the IP address
of the L2TP server.
• Secret (Optional): L2TP incorporates a simple,
optional, CHAP-like tunnel authentication system during control connection
establishment. Enter the secret for tunnel authentication if necessary.
• Connect Idle Time: Choose this option to
let the security appliance disconnect from the Internet after a specified
period of inactivity (Idle Time). This choice is recommended if your
ISP fees are based on the time that you spend online.
• Keep alive: Choose this option to keep the
connection always on, regardless of the level of activity. This choice
is recommended if you pay a flat fee for your Internet service.
• MTU: Choose Auto
to use the default MTU size, or choose Manual
if you want to specify another size.
• MTU Value: If you choose Manual,
enter the custom MTU size in bytes.
|