Jump to:navigation, search
Wiki

Ethernet Interfaces

From Securepoint Wiki


































































De.png
En.png
Fr.png






Creating and configuring an Ethernet interface
Last adaptation to the version: 12.6.0
New:
notempty
This article refers to a Resellerpreview

12.5.1 11.7

Access: UTM-IP:Port or UTM-URL:Port
Port as configured at Network / Appliance Settings / Webserver
Default-Port: 11115
i.e.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115 Network Network Configuration  Area Network Interfaces Button


Creating an Ethernet interface

The creation of an Ethernet interface is done in the menu Network Network configuration  Area Network interfaces Button Ethernet. A wizard opens:

Caption Value Description Schnittstelle hinzufügen UTMuser@firewall.name.fqdn Network Network Configuration UTM v12.1 Netzwerk Ethernet-Schnittstelle Schritt1-en.png
Name: LAN4 Name of the interface.
If ther is an existing unused interface by default the next free LANx name is used.
The name can also be entered manually.
IP Address 192.168.176.1/24 If the interface is to have a fixed IP, this is entered here.
DHCP-Client: off
IPv4
IPv6
IPv4 & IPv6		 Here the setting is made whether - and if so, for which IP protocol - the interface should obtain its IP addresses from a DHCP server.
Zones     Previously created zones can be selected by clicking in the click box. UTM v12.1 Netzwerk Ethernet-Schnittstelle Schritt2-en.png
Add new zone: No
dmz1		 Bei Aktivierung Yes wird eine neue Zone mit einem frei wählbarem Namen (hier: dmz1) erstellt.
Auto-generate rules: No Bei Aktivierung Yes werden autogenerierte Regeln erstellt, um den Netzwerkverkehr zu allen bisher vorliegenden Netzen zu ermöglichen.
notempty
These rules serve exclusively to facilitate the commissioning of the interface. They cannot be edited and must absolutely be replaced by individualized rules and subsequently deactivated or deleted!
Zugehörige Netzwerkobjekte aktualisieren: notempty
New as of v12.6.0
On Wurde eine bereits existierende Zone ausgewählt, werden alle Netzwerkobjekte, die bereits in dieser Zone liegen und eine Schnittstelle als Ziel haben auf die neue Schnittstelle umgezogen.

Finish the wizard with the Finish button.



Edit an Ethernet interface

The configuration of an Ethernet interface is done in the menu Network Network configuration  Area Network interfaces Button

General

General







































Caption Value Description Schnittstelle bearbeiten UTMuser@firewall.name.fqdn Network Network Configuration UTM v12.6 Ethernet Schnittstelle bearbeiten Allgemein-en.png
Name: LAN1 The name of the interface cannot be changed afterwards.
DHCP-Client: off
IPv4
IPv6
IPv4 & IPv6		 Here the setting is made whether - and if so, for which IP protocol - the interface should obtain its IP addresses from a DHCP server.
Router Advertisement: off Hat die UTM (auf einer externen Schnittstelle) ein IPv6 Prefix erhalten, kann sie das Default Gateway und das Subnetz per Router Advertisement bekannt machen und gleichzeitig entsprechende IPv-6 Adressen im angeschlossenen Netzwerk verteilen. (Siehe Artikel IPv6 Prefix Delegation)
IPv6-Adressen vergeben: On Ist es nicht erwünscht, das die UTM IPv6 Adressen verteilt, sondern nur das Default Gateway, dann muss diese Option deaktiviert werden.
IPv6 Prefix Delegation: off Enables IPv6 prefex delegation to get IPv6 prefixes allocated on this interface. (For external interfaces only.)

Settings

Settings
MTU: 1500Link= The Maximum Transmission Unit specifies the maximum packet size that can be transmitted without fragmentation.
Depending on the type of network (cable, Ethernet, VPN use), other values can help with connection problems here.
   		UTM v12.6 Ethernet Schnittstelle bearbeiten Einstellungen-en.png
Autonegotiation: On Allows Ethernet network ports to independently negotiate and configure the maximum possible transmission speed and duplexing with each other.
Speed 10 MBit/s
100 MBit/s
1000 MBit/s		 Speed of network communication
Only with decativated autonegotiation
Duplex: full
half		 Duplex allows data packets to be sent and received simultaneously. HUBs usually only support Halfduplex.
Only with decativated autonegotiation.
If autonegotiation mode is enabled at one end of the link and full-duplex operation is forced at the other end, the autonegotiating subscriber will recognize the link as half-duplex, resulting in a large number of transmission errors. →Wikipedia
  
Route Hint IPv4: 192.0.2.192/---  Via the field "Route Hint" it is possible to define the gateway of the interface. This has the advantage, for example, that only the interface (e.g. LAN3) has to be specified in routing and not directly the gateway IP.
Route Hint IPv6: 2001:DB8::123/---  Via the field "Route Hint" it is possible to define the gateway of the interface. This has the advantage, for example, that only the interface (e.g. LAN3) has to be specified in routing and not directly the gateway IP.

IP Addresses

IP Addresses
IP Addresses »192.168.121.1/24»fc80:1234::1/64 Under the menu item IP addresses one or more addresses can be assigned to an interface. UTM v12.6 Ethernet Schnittstelle bearbeiten IP-Adressen-en.png

Zones

Zones
Zones »internal»firewall-internal»internal_v6»fireall-internal_v6 Under the menu item Zones the zones of the interface are defined.
  • Important: The zone internal should always be assigned to an interface.
    If the zone internal is not assigned to an interface and the administration via the web interface is not explicitly enabled, the web interface can not be accessed anymore!
    		•  UTM v12.6 Ethernet Schnittstelle bearbeiten Zonen-en.png

    DynDNS

    DynDNS
    Enabled: Yes Enables or disables (default) the DynDNS function UTM v12.6 Ethernet Schnittstelle bearbeiten dyndns-en.png
    DynDNS settings
    Hostname: hostname.spdns.de Desired Hostname
    User: hostname.spdns.de The corresponding user name must be entered here.
  • If linked to a reseller account, the corresponding host name must be entered here
    • Password:     The password must be entered here.
  • If linked to a reseller account, the update token must be entered here.
    • Server: update.spdyn.de The securepoint update server
    MX:    
    Webresolver: On Must be activated if the NAT router is located before the DNS (i.e.: UTM → Fritzbox/Speedport → internet)
    Protocol: The DNS service can be activated for IPv4 or IPv6 addresses only, or both IPv4 and IPv6.

    Fallback

    Fallback
    Fallback interface: wan3 Interface that stands in for the main interface in the case of a malfunction.
    The absence of malfunctions is verified by ping-checking an IP.
    Further notes on the configuration of a fallback can be found in a separate Wiki article.     		UTM v12.6 Fallback Netzwerkschnittstellen bearbeiten-en.png
    Fallback settings
    Ping-check IP: »203.0.2.203 »192.0.2.192
    Example IPs must be replacednotempty
    Neu: mehrere IP-Adressen möglich
    		 Host(s) to which the ping check is to be performed.
    This can also be a host in the internal network if necessary.
    Ping-check Intervall: 5Link= Seconds Period between ping attempts
    Ping-check Threshold: 4Link= Attempts Number of failed ping attempts before switching to the fallback interface.
    Retrieved from "https://wiki.securepoint.de/index.php?title=UTM/NET/Ethernet&oldid=88833"