Create and configure a VLAN interface
Last adaptation to the version: 12.6.0
New:
- Function: Update associated network objects
- Function: Assign IPv6 addresses
- Updated to Redesign of the webinterface
This article refers to a Resellerpreview
Creating a VLAN interface
A VLAN interface is created under Area Network interfaces Button .
Wizard step 1 (name and IP address)Wizard step 1 (name and IP address)
| |||
| Caption | Value | Description | UTMuser@firewall.name.fqdnNetworkNetwork configuration  Wizard step 1
|
|---|---|---|---|
| Name: | The name of the virtual interface is automatically formed from the physical interface used and the VLAN ID | ||
| Interface: | LAN1 | physical interface used | |
| VLAN ID: | 100 |
VLAN ID used (here:100) | |
| IP address: | 10.10.55.1/24 | IP address of the virtual interface | |
| DHCP Client: | off | When activated, the interface obtains its IP address as a client from a DHCP server. | |
Wizard Step 2 (Zones)Wizard Step 2 (Zones)
| |||
| Zones: | Under the menu item Zones, the zones of the interface are displayed or defined. For a better understanding there is a corresponding article Zone concept in the Wiki. |
 | |
| Add new zone | Yes | Automatically adds a new zone and associates it with the virtual interface. The associated zone for the interface itself (firewall-) is automatically generated and does not need to be specified. | |
| dmz0 | Name for the new zone | ||
| Generate rules: | No | Creates autogenerated rules to facilitate commissioning. These rules cannot be changed and must be replaced by individual rules in any case. | |
| Update associated network objects: notempty New as of v12.6.0 |
on | If an existing zone has been selected, all network objects that are already in this zone and have an interface as a target are moved to the new interface. | |
| Complete the wizard with | |||
The resulting VLAN configuration might look like the following:
Edit VLAN interface
A Vlan interface is edited under Area Network interfaces Button .
General
General
| Caption | Value | Description | UTMuser@firewall.name.fqdnNetworkNetwork configuration  Tab General
|
|---|---|---|---|
| Name: | The name of the virtual interface is automatically formed from the physical interface used and the VLAN ID | ||
| Interface: | LAN1 | physical interface used | |
| VLAN ID: | 100 |
VLAN ID used (here:100) | |
| MTU: | 1500 |
The Maximum Transmission Unit specifies the maximum packet size in bytes that can be transmitted without fragmentation. | |
| DHCP Client: | off | When activated, the interface obtains its IP address as a client from a DHCP server. | |
| Router Advertisement: | Off | Routers announce their presence in the network via Router Advertisement(RA). This happens periodically or on Router Solicitation requests (RS-Request). If the UTM has received an IPv6 prefix, it can announce the subnet via Router Advertisement in the network segment behind the interface. (See article IPv6 Prefix Delegation) | |
| Assign IPv6 addresses: notempty New as of v12.6.0 |
Yes | An IPv4 and an IPv6 address is assigned to all devices behind this network configuration. | |
| Route Hint IPv4 | Via the field "Route Hint" it is possible to define the gateway of the interface. This has the advantage, for example, that only the interface (e.g. LAN3) has to be specified in routing and not directly the gateway IP. | ||
| Route Hint IPv6 | Via the field "Route Hint" it is possible to define the gateway of the interface. This has the advantage, for example, that only the interface (e.g. LAN3) has to be specified in routing and not directly the gateway IP. | ||
| IPv6 Prefix Delegation: | Off | Activates IPv6 prefix delegation in order to be assigned IPv6 prefixes on this interface. notempty Only allowed for external interfaces
| |
IP addresses IP addresses
| |||
| IP addresses: | »10.10.55.1/24 | By clicking in the click box, one or more addresses can be placed on an interface. |  |
Zones:Zones:
| |||
| Zones: | »dmz0 »firewall-dmz0 | Under the menu item Zones, the zones of the interface are displayed or defined. For a better understanding there is a corresponding article Zone concept in the Wiki. |
 |
| Update associated network objects: notempty New as of v12.6.0 |
on | If an existing zone has been selected, all network objects that are already in this zone and have an interface as a target are moved to the new interface. | |
DynDNS DynDNS
| |||
| Enabled: | Yes | Enables or disables (default) the DynDNS function |  |
| Hostname: | hostname.spdns.de | Desired Hostname | |
| User: | hostname.spdns.de | The corresponding user name must be entered here. | |
| Password: | The password must be entered here. | ||
| Server: | update.spdyn.de | The securepoint update server | |
| MX: | |||
| Webresolver: | On | Must be activated if the NAT router is located before the DNS (i.e.: UTM → Fritzbox/Speedport → internet) | |
| Protocol: | The DNS service can be activated for IPv4 or IPv6 addresses only, or both IPv4 and IPv6. | ||
FallbackFallback
| |||
| Fallback interface: | LAN2 | Interface to switch to in the event of a failure. If an Ethernet LAN interface (connection to another router) is used as a fallback interface, a RouteHint must be entered there. See also the separate article on Fallback. |
 |
| Ping-check Host: | »203.0.2.203»192.0.2.192 Example IPs must be replaced |
Up to 4 hosts of your choice to be pinged to confirm the availability of the network. If a ping check host does not respond, the following IP address is tried immediately. If none of the ping check hosts responds, this is considered a failed attempt and checked again after the ping check interval. | |
| Ping-check Interval: | 5 |
Period between ping attempts | |
| Ping-check Threshold: | 4 |
Number of failed ping attempts before switching to the fallback interface. | |