About IP Addresses
To send ordinary mail to a person, you must know his or her street address. For one computer on the Internet to send data to a different computer, it must know the address of that computer. A computer address is known as an Internet Protocol (IP) address. All devices on the Internet have unique IP addresses, which enable other devices on the Internet to find and interact with them.
Fireware supports both IPv4 and IPv6 addresses. IPv6 addresses are supported only when the Firebox is configured in mixed routing mode.
For more information about Fireware support for IPv6, see About IPv6 Support.
An IPv4 address consists of four octets (8-bit binary number sequences) expressed in decimal format and separated by periods. Each number between the periods must be in the range 0 to 255. Some examples of IPv4 addresses are:
Private Addresses and Gateways
Many companies create private networks that have their own address space. The addresses 10.x.x.x and 192.168.x.x are reserved for private IP addresses. Computers on the Internet cannot use these addresses. If your computer is on a private network, you connect to the Internet through a gateway device that has a public IP address.
Usually, the default gateway is the router that is between your network and the Internet. After you install the Firebox on your network, it becomes the default gateway for all computers connected to its trusted or optional interfaces.
About Subnet Masks
For better security and performance, networks are often divided into smaller portions called subnets. All devices in a subnet have similar IP addresses. For example, all devices that have IP addresses whose first three octets are 10.0.1 belong to the same /24 subnet.
The subnet mask for a network IP address, or netmask, is a series of bits that identifies which part of the IP address is for the network and which part is for the host. A subnet mask can be written in the same way as an IP address, or in slash or CIDR notation. Firebox configuration settings always use slash notation. For more information, see About Slash Notation.
When you configure an interface IP address for a Firebox or other network device, the device listens for connections to that specific IP address. The subnet mask defines the local network connected to that interface, but the Firebox listens for connections only to the configured interface IP address.
IPv6 increases the IP address size from the 32 bits found in IPv4 to 128 bits. This allows for a more structured hierarchy in addresses, and supports a much larger total number of addresses.
IPv6 Address Format
An IPv6 address contains eight groups of 16-bit hexadecimal values, separated by colons (:). The hexadecimal digits are not case-sensitive. Some examples of IPv6 addresses are:
The first four groups of 16-bit hexadecimal values represent the network. The last four groups of 16-bit hexadecimal values are the interface ID that uniquely identifies each networked device. This value is usually derived from the MAC address of the device.
Shorten an IPv6 Address
There are two ways you can shorten the notation of an IPv6 address:
- Remove leading zeros — In each 16-bit hexadecimal address group, you can remove the leading zeros. For example, these two IPv6 addresses are equivalent:
- Remove groups of zeros — If an IPv6 address contains adjacent groups of 16-bit hexadecimal values that are all zeros (0000), you can replace one group of adjacent blocks of zeros with two colons (::). For example, these two IPv6 addresses are equivalent:
You can use two colons (::) only once in an IPv6 address to represent adjacent groups with all zeros.
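The two shortening rules above, worked through in Python as an added example (not WatchGuard or Fireware code). The function names and the sample addresses are constructed for illustration; comparing addresses in expanded form keeps equivalent notations from being treated as different hosts in rule sets and logs.

```python
import string

SAMPLES = [  # constructed addresses in the 2001:db8::/32 documentation range
    "2001:0DB8:0000:0000:0000:0000:0000:0001",
    "2001:db8:0:0:1:0:0:1",
]

def expand(addr):
    """Return the eight groups of an IPv6 address as 4-digit lowercase hex."""
    if addr.count("::") > 1:
        raise ValueError("'::' can be used only once: " + addr)
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        zeros = 8 - len(left) - len(right)
        if zeros < 1:
            raise ValueError("'::' must replace at least one group: " + addr)
        groups = left + ["0"] * zeros + right
    else:
        groups = addr.split(":")
    if len(groups) != 8 or not all(
            1 <= len(g) <= 4 and set(g) <= set(string.hexdigits) for g in groups):
        raise ValueError("not a valid IPv6 address: " + addr)
    return [g.lower().zfill(4) for g in groups]

def shorten(addr):
    """Apply both rules: drop leading zeros, then '::' for one run of zero groups."""
    groups = [g.lstrip("0") or "0" for g in expand(addr)]  # rule 1
    best_start, best_len, i = 0, 0, 0
    while i < 8:  # rule 2: locate the first longest run of all-zero groups
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:  # a single zero group stays as "0"
        return ":".join(groups)
    end = best_start + best_len
    return ":".join(groups[:best_start]) + "::" + ":".join(groups[end:])

def same_address(a, b):
    """Compare two notations by their expanded form, not by their text."""
    return expand(a) == expand(b)

def is_valid(addr):
    try:
        expand(addr)
        return True
    except ValueError:
        return False
```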
The IPv6 prefix indicates the subnet associated with an IPv6 address. The prefix is expressed as a slash (/) followed by the prefix size, which is a decimal number between 1 and 128. The prefix size indicates how many bits of the address make up the network identifier prefix. Examples of IPv6 prefixes are:
- /64 — The prefix used for a single subnet
- /48 — The prefix used for a site that could have multiple subnets