Configure an External Interface

An external interface is used to connect your Firebox to a network outside your organization. Often, an external interface is the method by which you connect your device to the Internet.

When you configure an external interface, you must choose the method your Internet service provider (ISP) uses to give you an IPv4 address for your device. If you do not know the method, get this information from your ISP or network administrator. In addition to the IPv4 address, you can optionally configure an IPv6 address.

For information about methods used to set and distribute IP addresses, see Static and Dynamic IP Addresses.

For information about 31-bit and 32-bit subnet masks, see Use a 31-bit or 32-bit Subnet Mask.

For information about IPv6 configuration, see Configure IPv6 for an External Interface.

For information about how to configure a Firebox T10-D to connect to a DSL line, see About DSL on the Firebox T10-D.

In Fireware v12.1 and higher, modems appear in the list of external interfaces. For more information about modem interfaces, see About Modem Interfaces.

Use a Static IPv4 Address

If your device has a static IP address, you configure a static IP address and default gateway. In most cases, the default gateway is on the same subnet as the IP address. You can configure a physical external interface with a default gateway on a different subnet than the interface IP address.

Use PPPoE Authentication to Get an IPv4 Address

If your ISP uses PPPoE, you must configure PPPoE authentication before your device can send traffic through the external interface. Fireware supports the PAP, EAP, CHAP, MS-CHAP and MS-CHAPv2 PPPoE authentication methods.

Use DHCP to Get an IPv4 IP Address

Configure the interface to use the DHCP client to get an IPv4 IP address.

You can optionally enable the DHCP Force Renew option. This feature enables the Firebox to handle a FORCERENEW message from your ISP or DHCP provider. The DHCP server sends a FORCERENEW message to request that the DHCP client renew the leased IP address sooner than it ordinarily would, based on the configured lease time. If your ISP or DHCP provider requests that you enable this option, they might also specify a shared key. The shared key is optional, but recommended. If you specify a shared key, it must match the shared key in the FORCERENEW message. If you do not specify a shared key, the Firebox responds to any FORCERENEW message, whether a shared key is present or not.

To enable the Firebox to manage a DHCP FORCERENEW request:

  1. In the DHCP settings, select the DHCP Force Renew check box.
  2. (Optional) In the Shared Key text box, type the shared key.
    The shared key is encrypted and stored in the configuration file.

About DNS Servers

Your Firebox must use a DNS server to resolve host names to IP addresses. The DNS server configuration depends on how your external interface is configured.

External Interface with a Static IP Address

If you configure the external interface to use a static IP address, you must also specify the IP address of at least one DNS server so that your device can resolve DNS queries. For information about how to specify a DNS server, see Configure Network DNS and WINS Servers.

External Interface with a Dynamic IP Address

If you configure the external interface to use DHCP to get a dynamic IP address, your device automatically receives a DNS server IP address when it receives the interface IP address.

If you configure the external interface to use PPPoE to get a dynamic IP address, your device automatically receives a DNS server IP address when it receives the interface IP address if the .

If per-interface DNS servers, DNSWatch, or DNS Forwarding rules are configured on your Firebox, some DNS queries are not sent to Network DNS servers or ISP DNS servers. For more information about DNS server precedence, see About DNS on the Firebox.

DNS Server Information

In Firebox System Manager, you can see the DNS servers your device uses on the Front Panel > Interfaces > DNS Servers tab. For more information, see Device Status.

In Fireware Web UI, you can see the DNS servers your device uses on the Dashboard > Interfaces > Detail page. For more information, see Interface Information and SD-WAN Monitoring.

See Also

Common Interface Settings

About Advanced Interface Settings