Static Routes
The following procedure shows how to integrate the firewall into the network using static routing.
Set Up Interfaces and Zones
Configure a default route to your internet router. Select Network > Virtual Router and then select the default link to open the Virtual Router dialog. Select the Static Routes tab and click Add. Enter a Name for the route and enter the route in the Destination field (for example, 0.0.0.0/0). Select the IP Address radio button in the Next Hop field and then enter the IP address and netmask for your internet gateway (for example, 208.80.56.1). Click OK twice to save the virtual router configuration.
Configure the external interface (the interface that connects to the internet). Select Network > Interfaces and then select the interface you want to configure. In this example, we are configuring Ethernet1/3 as the external interface. Select the Interface Type. Although your choice here depends on your network topology, this example shows the steps for Layer3. In the Virtual Router drop-down, select default. On the Config tab, select New Zone from the Security Zone drop-down. In the Zone dialog, define a Name for new zone, for example Untrust, and then click OK. To assign an IP address to the interface, select the IPv4 tab and Static radio button. Click Add in the IP section, and enter the IP address and network mask to assign to the interface, for example 208.80.56.100/24. To enable you to ping the interface, select Advanced > Other Info, expand the Management Profile drop-down, and select New Management Profile. Enter a Name for the profile, select Ping and then click OK. To save the interface configuration, click OK.
Configure the interface that connects to your internal network. In this example, the interface connects to a network segment that uses private IP addresses. Because private IP addresses cannot be routed externally, you will have to configure NAT. See Configure NAT for details. Select Network > Interfaces and select the interface you want to configure. In this example, we are configuring Ethernet1/4 as the internal interface. Select Layer3 from the Interface Type drop-down. On the Config tab, expand the Security Zone drop-down and select New Zone. In the Zone dialog, define a Name for new zone, for example Trust, and then click OK. Select the same Virtual Router you used in the previous step, default in this example. To assign an IP address to the interface, select the IPv4 tab and the Static radio button, click Add in the IP section, and enter the IP address and network mask to assign to the interface, for example 192.168.1.4/24. To enable you to ping the interface, select the management profile that you created in Step 2 6 To save the interface configuration, click OK.
Configure the interface that connects to the DMZ. Select the interface you want to configure. Select Layer3 from the Interface Type drop-down. In this example, we are configuring Ethernet1/13 as the DMZ interface. On the Config tab, expand the Security Zone drop-down and select New Zone. In the Zone dialog, define a Name for new zone, for example DMZ, and then click OK. Select the Virtual Router you used in Step 2, default in this example. To assign an IP address to the interface, select the IPv4 tab and the Static radio button, click Add in the IP section, and enter the IP address and network mask to assign to the interface, for example 10.1.1.1/24. To enable you to ping the interface, select the management profile that you created in Step 2 6 To save the interface configuration, click OK.
Save the interface configuration. Click Commit.
Cable the firewall. Attach straight through cables from the interfaces you configured to the corresponding switch or router on each network segment.
Verify that the interfaces are active. From the web interface, select Network > Interfaces and verify that icon in the Link State column is green. You can also monitor link state from the Interfaces widget on the Dashboard.

Related Documentation