Installation Topics
•You use one logical network for all three interfaces.
•The Firebox uses proxy ARP. The trusted interface ARP address replaces the ARP address of the router. It then resolves the ARP data for those devices behind the Firebox that cannot receive the transmitted data.
•During installation, it is not necessary to change the TCP/IP properties of computers on the trusted and optional interfaces. The router cannot receive the transmitted ARP data from the trusted host, but the Firebox continues to control ARP data for the router.
•Usually, the Firebox is the default gateway as an alternative to the router.
•You must flush the ARP cache of each computer on the trusted network.
•A large part of a LAN is on the trusted interface because there is a secondary network for the LAN.
With a
Adding secondary networks to your configuration
A secondary network is a different network that connects to a Firebox interface with a switch or hub.
When you add a secondary network, you map an IP address from the secondary network to the IP address of the Firebox interface. Thus, you make (or add) an IP alias to the network interface. This IP alias is the default gateway for all the computers on the secondary network. The secondary network also tells the Firebox that there is one more network on the Firebox interface.
To add a secondary networks, do one of these procedures:
Use the Quick Setup Wizard during installation
Enter an IP address for the secondary network in the Quick Setup Wizard, as described in “Using the Quick Setup Wizard” on page 6. This is the default gateway for your secondary private network.
Add the secondary network after the Firebox installation is complete
Use Policy Manager to add secondary networks to an interface. For information on how to use Policy Manager, see the Configuration Guide.
Dynamic IP support on the external interface
If you use dynamic IP addressing, you must select routed configuration.
User Guide | 11 |
