You use the drop-in mode when you want to put computers that use the same network on different Firebox interfaces. Usually, you use this mode when:
With a drop-in configuration, the Firebox uses the same IP address and subnet mask for all of its interfaces. You indicate the subnet mask using slash notation.
The subnet mask shows the range of IP addresses in the drop-in network. For example, if you give the Firebox the IP address 1.1.1.5/24, this means that all Firebox interfaces have IP address 1.1.1.5. The drop-in network includes IP addresses from 1.1.1.1 to 1.1.1.254. The /24 indicates subnet mask 255.255.255.0.
When you use the drop-in configuration, a computer with an IP address in the drop-in network can go on any Firebox interface. When you install the Firebox between the router and the LAN, it is not necessary to change the configuration of a local computer if it has an IP address in the drop-in network. The public servers behind the Firebox can continue to use public IP addresses in the drop-in network range.
You can also put computers on the same LAN that use IP addresses from a different network. See Adding Secondary Networks.
The Firebox does not use network address translation to send traffic from the external network to a public server (static NAT) that has an IP address in the drop-in network.
It is possible to masquerade the IP addresses of the computers in the drop-in network when they send traffic to the external network (dynamic NAT). To get more information about NAT, see Configuring Network Address Translation.
To use the Policy Manager to set the Firebox in drop-in configuration mode:
When you type an IP address, type all the numbers and the dots. Do not use the TAB or arrow key.
You can not use drop-in configuration if your ISP uses DHCP or PPPoE to give the Firebox its IP address.
Copyright © 1996 - 2005 WatchGuard Technologies, Inc.
All rights reserved.
Legal Notice/Terms of Use