Configure an External Interface

An external interface is used to connect your Firebox to a network outside your organization. Often, an external interface is the method by which you connect your device to the Internet.

When you configure an external interface, you must choose the method your Internet service provider (ISP) uses to give you an IPv4 address for your device. If you do not know the method, get this information from your ISP or network administrator. In addition to the IPv4 address, you can optionally configure an IPv6 address.

For information about methods used to set and distribute IP addresses, see Static and Dynamic IP Addresses.

For information about 31-bit and 32-bit subnet masks, see Use a 31-bit or 32-bit Subnet Mask.

For information about IPv6 configuration, see Configure IPv6 for an External Interface.

For information about how to configure a Firebox T10-D to connect to a DSL line, see About DSL on the Firebox T10-D.

Use a Static IPv4 Address

If your device has a static IP address, you configure a static IP address and default gateway. In most cases, the default gateway is on the same subnet as the IP address.

In Fireware XTM v11.9.1 or higher, you can configure a physical external interface with a default gateway on a different subnet than the interface IP address.

Use PPPoE Authentication to Get an IPv4 Address

If your ISP uses PPPoE, you must configure PPPoE authentication before your device can send traffic through the external interface. Fireware supports the PAP, EAP, CHAP, MS-CHAP and MS-CHAPv2 PPPoE authentication methods.

Use DHCP to Get an IPv4 IP Address

Configure the interface to use the DHCP client to get an IPv4 IP address.

You can optionally enable the DHCP Force Renew option. This feature enables the Firebox to handle a FORCERENEW message from your ISP or DHCP provider. The DHCP server sends a FORCERENEW message to request that the DHCP client renew the leased IP address sooner than it ordinarily would, based on the configured lease time. If your ISP or DHCP provider requests that you enable this option, they might also specify a shared key. The shared key is optional, but recommended. If you specify a shared key, it must match the shared key in the FORCERENEW message. If you do not specify a shared key, the Firebox responds to any FORCERENEW message, whether a shared key is present or not.

To enable the Firebox to manage a DHCP FORCERENEW request:

  1. In the DHCP settings, select the DHCP Force Renew check box.
  2. (Optional) In the Shared Key text box, type the shared key.
    The shared key is encrypted and stored in the configuration file.

About DNS Servers

Your Firebox must use a DNS server to resolve host names to IP addresses. If you configure the external interface to use a static IP address, you must also specify the IP address of at least one DNS server so that your device can resolve DNS queries. If you configure the external interface to use PPPoE or DHCP to get a dynamic IP address, your device automatically receives a DNS server IP address when it receives the interface IP address.

For information about how to specify a DNS server, see Add WINS and DNS Server Addresses.

In Firebox System Manager, you can see the DNS servers your device uses on the Front Panel tab. For more information, see Device Status.

In Fireware Web UI, you can see the DNS servers your device uses on the Dashboard > Interfaces page. For more information, see Interfaces.

See Also

Common Interface Settings

About Advanced Interface Settings

Give Us Feedback     Get Support     All Product Documentation     Technical Search