Interfaces
Revision as of 18:13, 6 July 2020
1 Introduction
WFilter NGF supports three types of deployment: gateway, network bridge and passby. For details, see "Features comparison of different deployment".
- In gateway deployment, all features are available, including VLAN, port forwarding and VPN, which are not available in bridge mode.
- A network bridge can be deployed transparently with no changes to your existing network. Most features are available in bridge mode.
- In passby deployment, the NGF system listens to internet traffic on a mirroring port of your switch.
2 Gateway Deployment
Gateway deployment: WFilter NG Firewall acts as the gateway for the local network. Usually, your current gateway shall be replaced with WFilter NG Firewall. Network diagram:
2.1 WAN
- Protocol: PPPoE, DHCP, static IP.
- Peer DNS: Use the dynamically assigned DNS servers in PPPoE and DHCP protocols. If disabled, the DNS servers configured in "DNS" are used instead.
- MAC Clone: Modify the MAC address of this WAN interface.
- VLAN ID: Enable 802.1Q VLAN on this WAN interface.
2.2 LAN
- Each LAN interface can have its own subnet, or all LAN interfaces can share the same subnet.
- Each LAN interface can have a DHCP service.
- When IP-MAC Binding is enabled, clients will always be assigned the bound IP by the DHCP service.
2.2.1 DHCP Options
- By default, the DHCP gateway and DNS server are both set to WFilter's LAN IP address.
- If you need to modify the default DHCP options, the syntax is "DHCP code,Value" (one option per line). For example:
  - 3,192.168.1.1 (default gateway)
  - 6,8.8.8.8 (default DNS server)
3 Bridge Deployment
Bridge Deployment: Build network bridge(s) on certain interfaces. With bridge deployment, you can deploy WFilter transparently, without changing the current network topology. Network diagram:
3.1 Settings
- Each bridge has one LAN interface and one WAN interface.
- You can build multiple bridges if needed.
- You can set up a management interface to access the web UI.
- Management Interface:
  - The management interface is for web UI access, web authentication UI access...
  - IP, Mask: IP and mask of the management interface.
  - Gateway: Gateway of the management interface. WFilter needs a gateway to get updates.
  - Subnet(s): local subnets to be managed. Syntax: 192.168.1.0/24, one subnet per line. "-" starts a subnet exception, for example: "-192.168.1.20/32".
You can build new bridges from "undefined interfaces". For new bridges, you only need to configure LAN & WAN interfaces.
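An added example (not WFilter's own code) for auditing a "Subnet(s)" list before it goes into the bridge settings: it parses the syntax described above and reports which clients end up outside management. It assumes that an exception takes precedence over the listed subnets and that entries with host bits set are worth flagging; the function names and the sample list are constructed for illustration.

```python
import ipaddress

def parse_subnets(text):
    """Parse the Subnet(s) field: one CIDR per line, a leading '-' marks an exception."""
    managed, exceptions, errors = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        is_exception = entry.startswith("-")
        cidr = entry[1:].strip() if is_exception else entry
        try:
            # strict=True flags entries such as 192.168.3.10/24 (host bits set),
            # which usually means the wrong prefix length was typed.
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
            continue
        (exceptions if is_exception else managed).append(net)
    return managed, exceptions, errors

def is_managed(ip, managed, exceptions):
    """True if the client falls in a managed subnet and in no exception (assumed precedence)."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in exceptions):
        return False
    return any(addr in net for net in managed)

def orphan_exceptions(managed, exceptions):
    """Exceptions that lie inside no managed subnet: they have no effect and hint at a typo."""
    return [e for e in exceptions
            if not any(e.version == m.version and e.subnet_of(m) for m in managed)]

# Constructed sample list, in the page's syntax.
SAMPLE = """192.168.1.0/24
192.168.2.0/24
-192.168.1.20/32
-10.0.0.5/32
192.168.3.10/24
"""

if __name__ == "__main__":
    managed, exceptions, errors = parse_subnets(SAMPLE)
    for lineno, entry, reason in errors:
        print(f"line {lineno}: rejected {entry!r}: {reason}")
    for e in orphan_exceptions(managed, exceptions):
        print(f"exception {e} is outside every managed subnet")
    for ip in ("192.168.1.20", "192.168.1.21", "192.168.3.10"):
        print(ip, "managed" if is_managed(ip, managed, exceptions) else "NOT managed")
```

Clients reported as not managed are the ones to review, since an overly broad exception or a mistyped prefix leaves them outside the bridge's policies.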
4 Passby Deployment
Passby Deployment: the NGF system listens to internet traffic on a mirroring port of your switch. You need to set up a mirroring port (SPAN port) on your switch.
- Observ Port
The observ port shall be connected to a mirroring port on your core switch to listen to internet traffic.
- Management Port
The management port is used by the NGF system to access the network. It is also used for sending RST packets to block clients' TCP connections. The management port's VLAN shall be able to reach the other clients' VLANs.