Network Settings (routing, interfaces, etc) Flashcards
Which sections are covered in this deck?
Network routing modes
DNS
Interface types and aliases
Network bridges
Secondary networks
VLANs
Multi-WAN
SD-WAN
Static routing
Dynamic NAT
Static NAT
1-to-1 NAT
Traffic management
You can configure Network settings in three modes - what are they?
Mixed Routing - the only mode that allows you to use ALL Firebox features
Drop-In - some features disabled
Bridge Mode - some features disabled, and does not allow VPN configuration
The Firebox starts in what Routing configuration? (Hint: it’s the most commonly used.)
Mixed Routing mode
NOTE: the Web Setup Wizard (WSW) automatically starts in Mixed Routing mode, while the Quick Setup Wizard in WatchGuard System Manager (WSM) can be configured in either Mixed Routing or Drop-In mode.
In Drop-In mode, you can but do not need to have NAT, and all Firebox interfaces…
…have the same IP address.
In Bridge mode, layer 2 and layer 3 data is not handled so you cannot configure…
…NAT, VLANs, or routing. But you can configure ONE interface to manage the Firebox.
One of the basic functions of a firewall is to…
…move packets from one side of the firewall to the other. (This is Routing.)
Firewall interfaces are of four types:
Any-External — An alias for any network reachable through a Firebox interface configured as external
Any-Trusted — An alias for any network reachable through a Firebox interface configured as trusted
Any-Optional — An alias for any network reachable through a Firebox interface configured as optional
Any — An alias for any address. This includes any IP address, interface, custom interface, tunnel, or user group.
External Firebox interfaces can be configured to handle…
Dynamic DNS and IP fetched from external DHCP server or Point-to-Point Protocol over Ethernet (PPPoE) server, and Static IP
The External interface has what alias and default route?
External interface is a member of Any-External alias, and default routing is called “Zero Route” and corresponds to 0.0.0.0/0
Trusted interface alias is called what, and what connects to it?
Any-Trusted, and connects to the private LAN or internal resources you want to protect.
Optional interface connects to…
…mixed trust or DMZ networks, public web, FTP, or mail servers. This is aliased to Any-Optional.
The Custom interface is designated with the alias Any, and is used for…
…any connections that are not members of the other three types, and for which traffic is blocked except as specific policies allow.
Most users configure at least one of these two interfaces:
Trusted and External
Internal interfaces must be STATIC, and conform to:
RFC 1918 and RFC 8190 [memorization]
Syntax for configuring internal network IPv4 addresses is:
Slash notation (network range 192.168.0.0 with subnet mask 255.255.255.0 would be defined on Firebox as 192.168.0.0/24)