
Network Configuration Wizard (Part 2 of 3)


Applies to Platform: UTM 2.4, UTM 2.5; 4i Edge 2.5
Last Updated: 27 May 2014

Applies to Platform: UTM 3.0, 4i Edge 3.0
Last Updated: 27 May 2014

This lesson will illustrate the steps necessary to configure all of the network interfaces of the Endian appliance after the initial configuration.

Endian Network Architecture

[Figure: color-coded network zones of the Endian platform]

Before we begin the configuration process, please take a moment to familiarize yourself with the color-coded network zones available in the Endian platform and how they are intended to be used (pictured above).

Choose RED (WAN) Interface Type


The first step is to choose the connection type of your primary WAN interface. In most cases the proper selection is either Ethernet Static or DHCP unless you require one of the other specific connection types. Click the Forward button to continue.

Note

If you require a configuration where you will not need a Red (WAN) interface, you can select Gateway as the connection type and this will allow you to deploy the Endian in a semi-transparent configuration. This option will allow you to deploy the Endian into a network using the Green (LAN) interface as your primary network connection and using an existing gateway that lives within the Green network.

Add Network Zones


The next option allows you to select any additional network zones you wish to have configured on your Endian appliance. The available options depend on the total number of Ethernet NICs available on the Endian device. Your options could include adding the Blue zone (Wifi), the Orange zone (DMZ), or both. Click the Forward button to continue.

In this example only the blue zone is activated.

Configure Network Zones


The next step involves configuring the actual IP address you want assigned to the Endian device for each existing network zone. The default Green IP is provided for you but you can use any IP address and subnet you wish. You are also allowed to add additional networks that may co-exist within each single network zone. An example of where this might be used is if you host multiple internal subnets that all need to exist within the same network segment (within one zone).

The blue zone is assigned the network 172.20.100.1/24, hence the Blue interface has IP 172.20.100.1.

The next item is a graphical representation of the available physical network interfaces and which zone they are mapped to. You may check or uncheck one or more network interfaces to belong to a network zone (at least one is required), and you may have more than one physical interface per zone; however, one physical interface cannot belong to more than one zone. A network zone with multiple network interfaces will act as a bridge and mimic the behavior of a switch, though using an actual physical switch is recommended where performance and efficiency are desired. Next to each network interface port is (1) the link status, which indicates whether a device is actually connected to the port, (2) the NIC device driver description, (3) the network MAC address, and (4) the operating system physical device name.

The last two items are the host and domain name you want assigned to the Endian device itself. Click the Forward button to continue.

Note

It is suggested to follow the standards described in RFC 1918 and use only IP addresses contained in the networks reserved for private use by the Internet Assigned Numbers Authority (IANA):
  • 10.0.0.0 - 10.255.255.255 (10.0.0.0/8), 16,777,216 addresses
  • 172.16.0.0 - 172.31.255.255 (172.16.0.0/12), 1,048,576 addresses
  • 192.168.0.0 - 192.168.255.255 (192.168.0.0/16), 65,536 addresses
The first and the last IP address of a network segment are the network address and the broadcast address respectively and must not be assigned to any device.
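
The rules from this step (private ranges only, no network or broadcast address on the appliance, at least one interface per zone, no interface in two zones) can be checked on paper before touching the wizard. The following is an added example, not Endian code; the Green address and the eth0/eth1/eth2 device names are constructed, and only the Blue address comes from this lesson.

```python
import ipaddress

# Private ranges from the RFC 1918 note above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_zone_plan(zones):
    """Return a list of problems in a zone plan (empty list = plan is fine).

    zones maps a zone name to {"addrs": ["IP/prefix", ...], "ifaces": [...]}.
    "addrs" may hold several entries, for additional networks in one zone.
    """
    problems = []
    owner = {}  # physical device name -> zone that already claimed it
    for zone, cfg in zones.items():
        for addr in cfg["addrs"]:
            iface = ipaddress.IPv4Interface(addr)
            net = iface.network
            if not any(net.subnet_of(r) for r in RFC1918):
                problems.append(f"{zone}: {net} is outside the RFC 1918 ranges")
            # /31 and /32 have no separate network/broadcast address.
            if net.prefixlen < 31 and iface.ip in (net.network_address,
                                                   net.broadcast_address):
                problems.append(
                    f"{zone}: {iface.ip} is the network or broadcast address of {net}")
        if not cfg["ifaces"]:
            problems.append(f"{zone}: at least one physical interface is required")
        for dev in cfg["ifaces"]:
            if dev in owner:
                problems.append(f"{dev}: mapped to both {owner[dev]} and {zone}")
            else:
                owner[dev] = zone
    return problems

# Constructed sample plans (device names and the Green address are made up).
GOOD_PLAN = {
    "GREEN": {"addrs": ["192.168.10.1/24"], "ifaces": ["eth0"]},
    "BLUE":  {"addrs": ["172.20.100.1/24"], "ifaces": ["eth1"]},
}
BAD_PLAN = {
    "GREEN":  {"addrs": ["192.168.10.255/24"], "ifaces": ["eth0"]},
    "BLUE":   {"addrs": ["172.32.0.1/24"], "ifaces": ["eth1"]},
    "ORANGE": {"addrs": ["10.0.0.1/24"], "ifaces": ["eth1"]},
}

if __name__ == "__main__":
    for line in check_zone_plan(BAD_PLAN):
        print(line)
```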

Configure Red (WAN) Interface


Now you can configure the Red (WAN) interface according to your ISP connection type (as selected during Step 1). The configuration is identical to the previous step: you must configure the IP, subnet, and gateway (if necessary), select the appropriate physical interface to use for the Red (WAN) connection, and fill out any other ISP connection specific fields.

If you have multiple public IP addresses assigned, you may enter each IP in the "Add additional addresses" field (1). You should list each individual IP in either IP/Netmask or IP/CIDR format with one entry per line (Example: 29.150.10.5/24, 29.150.10.6/24, ...)

The MTU option lets you manually enter a custom value for the interface MTU size and is not recommended unless instructed by your ISP. The "Spoof MAC address with" option is really only useful for situations where your ISP modem has a "sticky" connection and requires that your Internet MAC address always stay the same. This option allows you to configure the Endian to "forge" its Red interface MAC address so you do not lose your ISP connection.

Click the Forward button to continue.

Configure DNS


This option is only required if you are not using some form of DHCP for your Red (WAN) connection. You should fill in your ISP-provided or preferred public DNS servers in these fields. Click the Forward button to continue.

Setup Email Information (Optional)


Here you can provide the administrator (recipient) email account along with the Endian (sender) address you want emails from the Endian firewall to use. Also you may specify the address of an email smarthost should you require one. Click the Forward button to continue.

Apply Configuration


The last step is to apply the configuration to the device. Keep in mind that the changes you made may take up to 20 seconds to be fully applied and for dependent services to be restarted, so internal devices may be temporarily unable to access the appliance or pass traffic through it. You must then access the administration interface of the Endian device using the new IP settings, either manually or using the link provided in the Web UI.

Once the network configuration has been successfully completed, you can proceed to register your Endian Appliance to the Endian Network.


Comments

  • Paulo Alves

    My server has two network cards.

    I configured a green area with a local network IP. After applying the settings I lose web access.

    I realized that Endian creates an interface br0 and assigns it the IP I set up for the green zone.

    I followed the steps correctly. At the server console it shows eth0 without an IP, eth1 with IP network, and an external interface (bridge) with the IP that I set up for the green zone.

    What do I do?

  • Dave Gilmore

    @Paulo I had this same issue. Did you ever get it resolved?

  • Romeo Andreica

    This is the right behaviour: br0 is the GREEN zone, and it is used by Endian to create a sort of virtual switch and put more interfaces into the same broadcast domain.

    With the command "brctl show" you can see which interfaces are inside the bridge and belong to a specific zone.