Adding a secondary network, Defining a network route – WatchGuard Technologies Firebox™ System 4.6 User Manual

Adding a secondary network

A secondary network is a network on the same physical wire as a Firebox interface
that has an address belonging to an entirely different network. Adding a secondary
network to a Firebox interface maps an IP address from the secondary network to the
IP address of the interface. This process is also known as adding an IP alias to the
Firebox interface.

The secondary network IP address becomes the default gateway for all the machines
on that network. Adding the secondary network also tells the Firebox that another
network resides on the wire.

The procedure for adding a network route to all three of the Firebox interfaces is
identical. The description below is for a secondary network on the Optional interface.
From Policy Manager:

1. Select Network => Configuration.

2. Click the Optional tab.

3. In the Secondary Networks section of the dialog box, enter the network address
   in slash notation in the text box to the left of the Add button. Click Add.
   The address appears in the Secondary Networks list.

Defining a network route

If you have a router behind the Firebox, you need to define a network route. From
Policy Manager:

1. Verify that you are using the Advanced view of Policy Manager.
   From Policy Manager, select View. Verify that the Advanced menu item has a checkmark in the
   box in front of it. If it doesn’t, click it.

2. Select Network => Routes.

3. Click Add.

4. Enter the network address in slash notation.

5. In the Gateway text box, enter the route gateway.
   Be sure to specify a route IP address that is on the same network as the Firebox.

6. Click OK.
   The Setup Routes dialog box lists the newly configured network route.

7. Click OK.
   The route data is written to the configuration file.

The Policy Manager does not verify that you have entered the correct address.
Check secondary network addresses carefully. For example, WatchGuard
recommends that you not enter a subnet on one interface that is part of a
larger network on another interface.
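
Because Policy Manager does not verify these addresses, a planned configuration can be checked before it is typed in. The script below is an added example, not part of the WatchGuard manual or software: it uses Python's standard ipaddress module to flag a subnet on one interface that falls inside a network on another, route destinations that are not valid network addresses in slash notation, and route gateways that are not on any Firebox network. The interface names, addresses and the check_plan function are constructed for illustration.

```python
import ipaddress

# Constructed sample plan (assumed addresses, not taken from the manual).
INTERFACES = {
    "trusted":  ["10.0.0.1/16"],
    "optional": ["192.168.50.1/24", "10.0.5.1/24"],  # second entry: secondary network
}
ROUTES = [
    ("172.16.0.0/16", "192.168.50.254"),  # gateway on the Optional network
    ("172.17.0.0/16", "203.0.113.9"),     # gateway on no Firebox network
    ("172.18.1.5/16", "10.0.0.254"),      # host bits set: not a network address
]

def check_plan(interfaces, routes):
    """Return a list of problems found in the planned addresses."""
    problems = []
    nets = []  # (interface name, network) for primary and secondary networks
    for name, addrs in interfaces.items():
        for a in addrs:
            try:
                nets.append((name, ipaddress.ip_interface(a).network))
            except ValueError:
                problems.append(f"{name}: {a!r} is not valid slash notation")
    # A subnet on one interface that is part of a larger network on another.
    for i, (n1, net1) in enumerate(nets):
        for n2, net2 in nets[i + 1:]:
            if n1 != n2 and net1.overlaps(net2):
                problems.append(f"{net1} on {n1} overlaps {net2} on {n2}")
    for dest, gw in routes:
        try:
            ipaddress.ip_network(dest)  # strict mode: host bits must be zero
        except ValueError:
            problems.append(f"route {dest}: not a network address")
        # The gateway must sit on a network directly attached to the Firebox.
        gw_ip = ipaddress.ip_address(gw)
        if not any(gw_ip in net for _, net in nets):
            problems.append(f"route {dest}: gateway {gw} is on no Firebox network")
    return problems

if __name__ == "__main__":
    for problem in check_plan(INTERFACES, ROUTES):
        print(problem)
```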