Figure 4.23. Non-transparent Mode Internet Access
The non-switch route usually needed to allow Internet access would be:
Route type
Interface
Destination
Gateway
Non-switch
if1
all-nets
gw-ip
Now suppose the NetDefend Firewall is to operate in transparent mode between the users and
the ISP. The illustration below shows how, using switch routes, the NetDefend Firewall is set up
to be transparent between the internal physical Ethernet network (
pn2
) and the Ethernet
network to the ISP's gateway (
pn1
). The two Ethernet networks are treated as a single logical IP
network in Transparent Mode with a common address range (in this example
192.168.10.0/24
).
Figure 4.24. Transparent Mode Internet Access
In this situation, any "normal" non-switch
all-nets
routes in the routing table should be removed
and replaced with an
all-nets
switch route (not doing this is a common mistake during setup).
This switch route will allow traffic from the local users on Ethernet network
pn2
to find the ISP
gateway.
These same users should also configure the Internet gateway on their local computers to be the
ISPs gateway address. In non-transparent mode the user's gateway IP would be the NetDefend
Firewall's IP address but in transparent mode the ISP's gateway is on the same logical IP network
as the users and will therefore be
gw-ip
.
NetDefendOS May Also Need Internet Access
The NetDefend Firewall also needs to find the public Internet if it is to perform NetDefendOS
functions such as DNS lookup, Web Content Filtering or Anti-Virus and IDP updating. To allow
this, individual "normal" non-switch routes need to be set up in the routing table for each IP
address specifying the interface which leads to the ISP and the ISPs gateway IP address.
If the IPv4 addresses that need to be reached by NetDefendOS are
85.12.184.39
and
194.142.215.15
then the complete routing table for the above example would be:
Route type
Interface
Destination
Gateway
Switch
if1
all-nets
Switch
if2
all-nets
Non-switch
if1
85.12.184.39
gw-ip
Non-switch
if1
194.142.215.15
gw-ip
The appropriate IP rules will also need to be added to the IP rule set to allow Internet access
Chapter 4: Routing
385
Summary of Contents for NetDefendOS
Page 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Page 32: ...Chapter 1 NetDefendOS Overview 32 ...
Page 144: ...Chapter 2 Management and Maintenance 144 ...
Page 284: ...Chapter 3 Fundamentals 284 ...
Page 392: ...Chapter 4 Routing 392 ...
Page 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Page 420: ...Chapter 5 DHCP Services 420 ...
Page 573: ...Chapter 6 Security Mechanisms 573 ...
Page 607: ...Chapter 7 Address Translation 607 ...
Page 666: ...Chapter 8 User Authentication 666 ...
Page 775: ...Chapter 9 VPN 775 ...
Page 819: ...Chapter 10 Traffic Management 819 ...
Page 842: ...Chapter 11 High Availability 842 ...
Page 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Page 879: ...Chapter 13 Advanced Settings 879 ...