Configure the Firebox Without External Interfaces

By default, your Firebox configuration has an enabled external interface. However, an external interface is not required if the Firebox is not an edge firewall. For example, you do not have to configure an external interface on a Firebox that is used on your LAN to isolate networks if another device protects the edge between the LAN and WAN.

If you do not configure an external interface on the Firebox, a Default Gateway text box appears on the Interfaces page. You must specify the IP address of the default gateway so the Firebox can route outbound traffic. The default gateway IP address must be associated with a configured interface on your Firebox.

You must also configure a dynamic NAT (DNAT) rule so the Firebox can route outbound traffic to the next hop after the default gateway. For information about dynamic NAT, go to About Dynamic NAT.

Make sure to also review your firewall policies and update any default policies that use the Any-External alias.

If you disable an interface, the Firebox removes that interface from the Alias list and from any policy that uses the interface.

To configure a Firebox without an external interface, from Fireware Web UI:

  1. Connect to the Firebox from a computer behind an internal Firebox interface. Keep in mind that you will lose access to the Firebox over the external interface.
  2. Select Network > Interfaces.
  3. Select the External interface and click Edit.
  4. From the Interface Type drop-down list, select Disabled.
  5. Click Save.
    The Default Gateway setting appears.
  6. In the Default Gateway text box, type the IP address of the default gateway. In our example, we specify the default gateway 203.0.113.1. That IP address is on the same network as the Internet-gateway interface, which has the IP address 203.0.113.254/24.

Screen shot of the Default Gateway setting in Fireware Web UI

To configure a Firebox without an external interface, from Policy Manager:

  1. Connect to the Firebox from a computer behind an internal Firebox interface. Keep in mind that you will lose access to the Firebox over the external interface.
  2. Select Network > Configuration.
  3. On the Interfaces tab, select the External interface and click Configure.
  4. From the Interface Type drop-down list, select Disabled.
  5. Click OK.
    The Default Gateway setting appears.
  6. In the Default Gateway text box, type the IP address of the default gateway. In our example, we specify the default gateway 203.0.113.1. That IP address is on the same network as the Internet-gateway interface, which has the IP address 203.0.113.254/24.

Screen shot of the Default Gateway setting in Policy Manager
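
The two checks this topic asks for before you disable the external interface (the default gateway must sit on the network of a configured interface, and policies that use the Any-External alias need review) can be rehearsed offline. The following is an added example, not WatchGuard code or a Firebox export format: the interface and policy lists are constructed sample data, the interface type and the policy names are assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data mirroring the example in this topic.
INTERFACES = [
    ("External", "Disabled", None),
    ("Internet-gateway", "Trusted", "203.0.113.254/24"),  # type is an assumption
    ("LAN-A", "Trusted", "10.0.1.1/24"),
]
POLICIES = [
    {"name": "Outgoing", "from": ["Any-Trusted"], "to": ["Any-External"]},
    {"name": "LAN-A-to-LAN-B", "from": ["LAN-A"], "to": ["LAN-B"]},
]

def check_gateway(gateway, interfaces):
    """Return the enabled interface whose network contains the gateway.

    Raises ValueError when the gateway is off-link, is the Firebox's own
    address, or is the network or broadcast address of the subnet.
    """
    gw = ipaddress.ip_address(gateway)
    for name, if_type, cidr in interfaces:
        if if_type == "Disabled" or cidr is None:
            continue  # a disabled interface cannot carry the default route
        iface = ipaddress.ip_interface(cidr)
        net = iface.network
        if gw not in net:
            continue
        if gw == iface.ip:
            raise ValueError(f"{gateway} is the Firebox's own address on {name}")
        # /31 and /32 networks have no reserved network/broadcast address
        if net.version == 4 and net.prefixlen < 31 and gw in (
            net.network_address, net.broadcast_address
        ):
            raise ValueError(f"{gateway} is not a host address in {net}")
        return name
    raise ValueError(f"{gateway} is not on the network of any enabled interface")

def policies_using_alias(policies, alias="Any-External"):
    """Return the names of policies whose From or To list uses the alias."""
    return [p["name"] for p in policies if alias in p["from"] or alias in p["to"]]

if __name__ == "__main__":
    print("Gateway reachable through:", check_gateway("203.0.113.1", INTERFACES))
    print("Policies to review:", policies_using_alias(POLICIES))
```
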

Related Topics

About Network Modes and Interfaces

Common Interface Settings