Interfaces
From Wiki of WFilter NG Firewall
(Difference between revisions)
| Line 6: | Line 6: | ||
== LAN == | == LAN == | ||
= Bridge Deployment = | = Bridge Deployment = | ||
| + | |||
| + | = Introduction = | ||
| + | |||
| + | WFilter NGF can act as a gateway or network bridge. | ||
| + | * A network bridge can be deployed transparently with no changes to your existing network. Most features are available in bridge mode. | ||
| + | * In gateway deployment, all features are available, including VLAN, port forwarding, VPN... which are not available in bridge mode. | ||
| + | |||
| + | = Gateway Deployment = | ||
| + | |||
| + | Gateway deployment: WFilter NG Firewall acts as the gateway for local nework. Usually, your current gateway shall be replaced with WFilter NG Firewall. Network diagram: | ||
| + | |||
| + | [[File:ros_guide_gateway.png|600px]] | ||
| + | |||
| + | == WAN == | ||
| + | [[File:interface_gateway01.png|900px]] | ||
| + | |||
| + | [[File:interface_gateway02.png|600px]] | ||
| + | |||
| + | * '''Protocol''': PPPoE, DHCP, static IP. | ||
| + | * '''Peer DNS''': Use the dynamic assigned DNS server in PPPoE and DHCP protocols. If disabled, use the DNS servers configured in "DNS" instead. | ||
| + | * '''MAC Clone''': Modify the MAC address of this WAN interface. | ||
| + | * '''VLAN ID''': Enable 802.1q VLAN in this WAN interface. | ||
| + | |||
| + | == LAN == | ||
| + | |||
| + | [[File:interface_gateway05.png|900px]] | ||
| + | |||
| + | [[File:interface_gateway03.png|800px]] | ||
| + | |||
| + | [[File:interface_gateway04.png|600px]] | ||
| + | |||
| + | * You can have different subnet in every LAN interface. Or all LAN interfaces share a same subnet. | ||
| + | * Each LAN interface can have a DHCP service. | ||
| + | * When [[ipbound|IP-MAC Binding]] is enabled, clients will always be assigned with the bound IP via DHCP service. | ||
| + | |||
| + | = Bridge Deployment = | ||
| + | |||
| + | Bridge Deployment: Build network bridge(s) on certain interfaces. With bridge deployment, you can transparently deploy WFilter, without changing current network topology. Network diagram: | ||
| + | |||
| + | [[File:ros_guide_bridge.png|600px]] | ||
| + | |||
| + | [[File:ros_guide_bridge.png|600px]] | ||
| + | |||
| + | == Settings == | ||
| + | |||
| + | [[File:interface_bridge01.png|900px]] | ||
| + | |||
| + | * Each bridge has one LAN interface and one WAN interface. | ||
| + | * You can build multiple bridges if needed. | ||
| + | * You can setup a management interface in the first bridge. | ||
| + | |||
| + | [[File:interface_bridge02.png|600px]] | ||
| + | |||
| + | * Management Interface: | ||
| + | ** The management interface is for web UI access, web authentication UI access... | ||
| + | ** '''IP, Mask''': IP, Mask of the management interface. | ||
| + | ** '''Gateway''': Gateway of the mangement interface. WFilter needs a gateway to access interface to get updates. | ||
| + | ** '''Subnet(s)''': local subnets to be managed. Syntax: 192.168.1.0/24, one subnet per line. | ||
| + | |||
| + | [[File:interface_bridge03.png|600px]] | ||
| + | |||
| + | You can build new bridges from "undefined interfaces". For new bridges, you only need to configure LAN & WAN interfaces. | ||
Revision as of 23:48, 24 January 2018
Contents |
1 Introduction
2 Gateway Deployment
2.1 WAN
2.2 LAN
3 Bridge Deployment
4 Introduction
WFilter NGF can act as a gateway or network bridge.
- A network bridge can be deployed transparently with no changes to your existing network. Most features are available in bridge mode.
- In gateway deployment, all features are available, including VLAN, port forwarding, VPN... which are not available in bridge mode.
5 Gateway Deployment
Gateway deployment: WFilter NG Firewall acts as the gateway for local nework. Usually, your current gateway shall be replaced with WFilter NG Firewall. Network diagram:
5.1 WAN
- Protocol: PPPoE, DHCP, static IP.
- Peer DNS: Use the dynamic assigned DNS server in PPPoE and DHCP protocols. If disabled, use the DNS servers configured in "DNS" instead.
- MAC Clone: Modify the MAC address of this WAN interface.
- VLAN ID: Enable 802.1q VLAN in this WAN interface.
5.2 LAN
- You can have different subnet in every LAN interface. Or all LAN interfaces share a same subnet.
- Each LAN interface can have a DHCP service.
- When IP-MAC Binding is enabled, clients will always be assigned with the bound IP via DHCP service.
6 Bridge Deployment
Bridge Deployment: Build network bridge(s) on certain interfaces. With bridge deployment, you can transparently deploy WFilter, without changing current network topology. Network diagram:
6.1 Settings
- Each bridge has one LAN interface and one WAN interface.
- You can build multiple bridges if needed.
- You can setup a management interface in the first bridge.
- Management Interface:
- The management interface is for web UI access, web authentication UI access...
- IP, Mask: IP, Mask of the management interface.
- Gateway: Gateway of the mangement interface. WFilter needs a gateway to access interface to get updates.
- Subnet(s): local subnets to be managed. Syntax: 192.168.1.0/24, one subnet per line.
You can build new bridges from "undefined interfaces". For new bridges, you only need to configure LAN & WAN interfaces.
