The Network configuration node on the CloudGen Firewall and on the Control Center provides the options for configuring the basic features related to network connectivity. These options cover the special usage of IP addresses and how they behave with important box-layer-based services of the CloudGen Firewall, such as management of the firewall, box-layer-based IP addresses, and high availability.
Interfaces and IP Addresses
IP Address Configuration
IP addresses are the essential information for identifying endpoints and for forwarding network traffic between them. To support this, the CloudGen Firewall handles IP addresses in various ways.
For more information, see Understanding the Usage of Operational-Relevant IP Addresses on the CloudGen Firewall.
Hardware systems are automatically configured with the correct number of network ports and interfaces. For hardware systems with Barracuda network modules or virtual systems, it may be necessary to add additional network interfaces. These network interfaces must also be added to the configuration of the CloudGen Firewall. If you are planning to use VLANs, make sure to use Barracuda network modules or virtual network adapters that use kernel modules with VLAN support.
For more information, see How to Add Additional Network Interfaces.
Virtual LAN (VLAN)
VLANs allow you to split one physical network interface into several virtual LANs. The physical interface behaves as if it were several interfaces, and the switch behaves as if it were multiple switches. The CloudGen Firewall can use up to 256 VLANs on one physical network interface and a maximum of 4096 VLANs globally.
For more information, see How to Configure VLANs.
Ethernet bundles - also known as "Ethernet channel", "Link Aggregation", "Trunking", or "Bonding" - combine multiple physical ports into a single virtual link to increase the physical bandwidth available for the connection. Ethernet bundles can operate in several modes, providing different advantages for specialized situations.
For more information, see How to Configure Ethernet Bundles.
Layer 2 Bridging
Layer 2 Bridging provides the option to act as a proxy ARP between two peers.
For more information, see How to Configure Layer 2 Bridging.
Routing tables are used to store the best path to a remote network. The CloudGen Firewall uses the routing tables to forward traffic to the correct interfaces, next hop gateways, or VPN tunnels. The destination, route metric, and source address (optional) of an IP packet are used to determine which route matches and where the packet is forwarded.
Virtual routers are virtual instances that work like a hardware router. Because virtual routers can run as multiple software instances on common hardware, network paths can be segmented without additional devices. Each instance can also use the same IP addresses, which can even overlap without conflicting with each other.
For more information, see Virtual Routing and Forwarding (VRF).
Connecting to the Internet
xDSL / DHCP, Wireless WAN
The CloudGen Firewall supports various types of Internet connections. If multiple ISP connections are used, the firewall offers granular control over link balancing and load balancing either on a per-access-rule basis or via route metric. You can configure the following Internet connections:
- Static IP addresses
- Dynamic IP addresses (DHCP)
- xDSL with PPPoE and PPTP
- Wireless WAN using the external Barracuda USB Modem
For more information, see WAN Connections.
IP tunneling provides the option to configure point-to-point network tunnels based on generic routing or plain IP-in-IP encapsulation.
For more information, see How to Configure Web Security Service Integration using GRE Tunnels and a Static Public IP.
Advanced Network Configurations
For more information, see How to Make a CloudGen Firewall Centrally Manageable Without a Control Center.
The Integrity Check lets you select between different options for running a logical test of the network configuration before it is activated.
For more information, see How to Configure the Consistency Verification for Network Configurations.
User scripts can be added to be executed when the network subsystem is restarted.