- Table of Contents
-
- 08-Configuration Examples
- 01-Web Login Configuration Examples
- 02-Internet Access Through a Static IP Address Configuration Examples
- 03-Internet access through PPPoE configuration examples
- 04-Signature Library Upgrade Configuration Examples
- 04-Software Upgrade Examples(only for F50X0-D and F5000-AK5X5 firewalls)
- 05-Software Upgrade Examples
- 06-Static routing configuration examples
- 07-OSPF configuration examples
- 08-BGP configuration examples
- 09-RIP configuration examples
- 10-DHCP configuration examples
- 11-DNS configuration examples
- 12-Object Group Configuration Examples
- 13-Public key management configuration examples
- 14-Security Policy Configuration Examples
- 15-Attack defense configuration examples
- 16-Connection Limit Configuration Examples
- 17-IPS Configuration Examples
- 18-URL Filtering Configuration Examples
- 19-Anti-Virus Configuration Examples
- 20-Data Filtering Configuration Examples
- 21-File Filtering Configuration Examples
- 22-APR-Based Security Policy Configuration Examples
- 23-Bandwidth Management Configuration Examples
- 24-NAT configuration examples
- 25-NAT hairpin configuration examples
- 26-IPsec configuration examples
- 27-SSL VPN configuration examples
- 28-Server Load Balancing Configuration Examples
- 29-Outbound Link Load Balancing Configuration Examples
- 30-Inbound Link Load Balancing Configuration Examples
- 31-Transparent DNS Proxy Configuration Examples
- 32-Context Configuration Examples
- 32-Context Configuration Examples(only for F50X0-D and F5000-AK5X5 firewalls)
- 33-IRF configuration examples
- 34-High Availability Group Configuration Examples
- 35-NAT Flow Logging Configuration Examples
- 36-User identification configuration examples
- 37-Server Connection Detection Configuration Examples
- 38-IP Reputation Configuration Examples
- 39-NPTv6 Configuration Examples
- 40-SSL Decryption Configuration Examples
- 41-MAC Address Learning Through a Layer 3 Device Configuration Examples
- 42-WAF Configuration Examples
- 43-NetShare Control Configuration Examples
- 44-4G Configuration Examples
- 45-WLAN Configuration Examples
- Related Documents
-
Title | Size | Download |
---|---|---|
02-Internet Access Through a Static IP Address Configuration Examples | 318.51 KB |
Internet access through a static IP address configuration examples
Introduction
The following information provides the configuration examples of using a static IP address to access the Internet.
This document is not restricted to specific software or hardware versions. Procedures and information in the examples might be slightly different depending on the software or hardware version of the device.
The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.
The following information is provided based on the assumption that you have basic knowledge of IP features.
Example: Configuring Internet access through a static IP address
Network configuration
As shown in Figure 1, a device is deployed as the egress device that connects the internal network to the ISP. Perform the following tasks to allow the internal users to access the Internet:
· Configure the DHCP server on the device to assign private IP addresses and the DNS server address to the hosts.
· Allow the internal users to access the Web server on the Internet. The website of the Web server is www.example.com.
Software versions used
This configuration example was created and verified on F9345 of the F1060 device.
Restrictions and guidelines
When you configure the DHCP server on the device, perform the following tasks:
· Allow traffic from security zones Trust (to which the DHCP server belongs) to Local to ensure that the DHCP clients can obtain IP addresses.
· Enable DNS proxy on the device to convey DNS requests between the DNS server and the DNS clients.
Procedures
Configuring the device
1. Configure a static IP address.
# On the top navigation bar, click System.
# From the navigation pane, select Configuration Wizard > Internet Access.
Figure 2 Internet access configuration page
# Select the routing mode and click Configure.
# Configure the WAN interface as shown in Figure 3.
Figure 3 WAN interface configuration
# Click Next.
# Configure the LAN interface as shown in Figure 4.
Figure 4 LAN interface configuration
# Click Next. Skip the configuration for the DMZ interface, security configuration, and WAN acceleration.
# Configure flow control, as shown in Figure 5.
Figure 5 Flow control configuration
# Click Next. The following page opens.
Figure 6 Verify the configuration
# Verify the configuration and click Finish. The following page opens.
Figure 7 Interface access configuration
# The system also creates a dynamic NAT policy after you finish the Internet access configuration. To view the NAT policy:
a. On the top navigation bar, click Policies.
b. From the navigation pane, select NAT > Dynamic NAT > Policy Configuration.
Figure 8 Outbound dynamic NAT configuration
2. Configure a security policy.
# After you configure the Internet access through a static IP address, the system automatically creates a security policy named GuideSecPolicy.
# To view the security policy:
a. On the top navigation bar, click Policies.
b. From the navigation pane, select Security Policies > Security Policies.
Figure 9 Security policy configuration page
# Click the Edit icon for this security policy.
# In the dialog box that opens, add security zone Local to the source zones, and add security zones Trust and Local to the destination zones.
Figure 10 Editing the security policy
3. Configure DHCP.
# On the top navigation bar, click Network.
# From the navigation pane, select DHCP > DHCP Address Pools.
# Click the Address Pool Options tab, and configure the settings as shown in Figure 11.
Figure 11 Address pool option configuration
4. Configure DNS proxy.
# On the top navigation bar, click Network.
# From the navigation pane, select DNS > Advanced Settings.
# Enable the DNS proxy.
Figure 12 DNS proxy configuration page
Configuring the host
# Configure the host to obtain an IP address through DHCP.
Verifying the configuration
1. Display the IP address that the host obtains.
C:\>ipconfig /all
Ethernet adapter Ethernet 1:
Connection-specific DNS SUffix.:
Description....................: Intel(R) 82579LM Gigabit Network Connection
Physical Address...............: E8-39-35-5C-92-B8
DHCP Enabled ..................: Yes
Autoconfiguration Enabled......: Yes
Link-local IPv6 Address........: fe80::b8dd:d091:201a:6db2%13(Preferred)
IPv4 Address...................: 172.16.1.3(Preferred)
Subnet Mask....................: 255.255.255.0
Lease Obtained.................: Monday, October 8, 2018 2:44:36 AM
Lease Expires..................: Tuesday, October 9, 2018 2:44:36 AM
Default Gateway................: 172.16.1.254
DHCP Server....................: 172.16.1.254
DHCPv6 IAID....................: 384317749
DHCPv6 Client DUID.............: 00-01-00-01-1F-B4-A3-F5-B8-A3-86-6F-0F-02
DNS Server.....................: 219.141.136.102
NetBIOS over Tcpip.............: Enabled
2. Verify that you can ping a domain name on the public network from the host.
C:\>ping www.example.com
Pinging www.example.com [192.168.100.201] with 32 bytes of data:
Reply from 192.168.100.201: bytes=32 time<1ms TTL=253
Reply from 192.168.100.201: bytes=32 time<1ms TTL=253
Reply from 192.168.100.201: bytes=32 time<1ms TTL=253
Reply from 192.168.100.201: bytes=32 time<1ms TTL=253
Ping statistics for 192.168.100.201:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms