Description:
This document describes a way to integrate a LANCOM R&S®Unified Firewall into an existing network and to use that Unified Firewall as the gateway.

No additional routing entries have to be created to gain access to the upstream LANCOM router from the network of the Unified Firewall. The necessary routing entries are already present because of the Internet connection on the Unified Firewall.




Requirements:




Scenario illustrations:
Current situation:

This document assumes a simple network scenario where a LANCOM router operates as a central gateway for the internal network services (e.g. DHCP) and also provides Internet access.

The Internet connection is implemented using the xDSL modem integrated in the LANCOM router or via the WAN interface (for devices without a modem).

  • The local network (IP address range 192.168.1.0/24) is connected to a LANCOM switch, which the local network components (PC, notebook, server, etc.) are connected to.
  • This network scenario is to be extended with an additional component, a LANCOM R&S®Unified Firewall.


Target situation:
This way of integrating the Unified Firewall is also referred to as a “series” connection.
  • The Unified Firewall is connected between the LANCOM router and the LANCOM switch.
  • The network address range for the productive network must be changed on the LANCOM router. This will then be used as an intermediate network to the Unified Firewall.
  • On the Unified Firewall, the interface eth0 is used for a WAN connection with an IP address from the intermediate network.
  • The productive network is on the interface eth1 on the Unified Firewall. This then provides all services on the network (such as DHCP) and also acts as the default gateway.


The series connection arrangement described here has the following advantages and disadvantages:
Advantage:
  • All network traffic passes through the Unified Firewall

Disadvantage:

  • The Unified Firewall inherits the IP address(es) of the LANCOM router


Procedure:
1) Configuring the LANCOM router:
1.1) Open the configuration for the router in LANconfig and switch to the menu item IPv4 → General → IP networks.
1.2) Edit the network INTRANET.
1.3) Enter an IP address from the intermediate network 192.168.0.0/24.
1.4) Switch to the menu IPv4 → DHCPv4 → DHCP networks.
1.5) Edit the entry for the network INTRANET and set the option DHCP server enabled to No to disable the DHCP server.
1.6) The LANCOM router has now been configured. Write the configuration back to the router.


2) Configuring the Unified Firewall.
2.1) Setting up the Internet connection to the LANCOM router:
2.1.1) Open the configuration interface of the Unified Firewall in your browser, change to the menu Network → Connections → Network Connections and click on the chevron icon to enter the advanced view.
2.1.2) Delete the entry for the interface eth0.

By default, the interface eth0 is set to DHCP. However, if possible, the IP address should be assigned statically (Static) so that port forwarding can be set up on the upstream router if necessary.

2.1.3) Click on the “+” icon to create a new connection.
2.1.4) Modify the following parameters:
  • Name: Enter a descriptive name.
  • Interface: From the drop-down menu, select the interface eth0.
  • Type: Check that the value is set to Static.
  • IP Addresses: Enter an IP address from the intermediate network. This has to be entered in CIDR notation (Classless Inter-Domain Routing) (e.g. 192.168.0.254/24).
2.1.5) Change to the WAN tab and modify the following parameters:
  • Set a checkmark next to Default Gateway.
  • Default Gateway: Enter the IP address of the LANCOM router in the intermediate network (see step 1.3).

2.2) Setting up the local network on the Unified Firewall:
2.2.1) Modify the entry for the interface eth1.
2.2.2) Modify the following parameters:
  • Name: Enter a descriptive name.
  • IP Addresses: Make sure that an IP address from the productive network has been entered. This must be in CIDR notation (e.g. 192.168.1.254/24).

By default, the physical interface eth1 is set to the IP address 192.168.1.254.
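
The following is an added example, not part of the LANCOM article: a Python check of the address plan from steps 1.3, 2.1.4, 2.1.5 and 2.2.2 that can be run before the configuration is written to the devices. The function name check_series_plan is hypothetical, and the router address 192.168.0.1 is an assumed value, because the article does not state which address from the intermediate network is entered in step 1.3.

```python
import ipaddress

def check_series_plan(router_ip, fw_wan, fw_gateway, fw_lan):
    """Return a list of problems in a series-connection address plan."""
    router = ipaddress.ip_address(router_ip)    # router INTRANET address (step 1.3)
    wan = ipaddress.ip_interface(fw_wan)        # eth0 in CIDR notation (step 2.1.4)
    gateway = ipaddress.ip_address(fw_gateway)  # Default Gateway (step 2.1.5)
    lan = ipaddress.ip_interface(fw_lan)        # eth1 in CIDR notation (step 2.2.2)
    problems = []

    # The router and eth0 must sit in the same intermediate network.
    if router not in wan.network:
        problems.append(f"router {router} is outside eth0 network {wan.network}")
    # The firewall's default gateway is the router's intermediate address.
    if gateway != router:
        problems.append(f"default gateway {gateway} is not the router {router}")
    # eth0 must not reuse the router's own address.
    if wan.ip == router:
        problems.append(f"eth0 and the router both use {router}")
    # Interface addresses must be usable hosts, not network or broadcast.
    for name, iface in (("eth0", wan), ("eth1", lan)):
        net = iface.network
        if iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} address {iface.ip} is not a host address")
    # Intermediate and productive networks must be disjoint so the
    # firewall can route between eth0 and eth1.
    if wan.network.overlaps(lan.network):
        problems.append(f"networks overlap: {wan.network} and {lan.network}")
    return problems

if __name__ == "__main__":
    # Values from the article; 192.168.0.1 for the router is an assumed value.
    plan = ("192.168.0.1", "192.168.0.254/24", "192.168.0.1", "192.168.1.254/24")
    for line in check_series_plan(*plan) or ["address plan is consistent"]:
        print(line)
```

An empty result means the plan is consistent; a router left on its old 192.168.1.x address (step 1.3 skipped) is reported as being outside the eth0 network.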


2.3) Activating the DHCP server on the Unified Firewall:
2.3.1) Navigate to the menu Network → DHCP Settings.
2.3.2) Modify the following parameters:
  • Activate the DHCP server by clicking the switch.
  • Set a checkmark for Prevent IP Conflicts to allow the Unified Firewall to check for the availability of an address with a ping.
2.3.3) Modify the entry for the interface eth1.
2.3.4) Activate DHCP address assignment by clicking the switch and, from the drop-down menu Network, select the IP network associated with interface eth1. The remaining parameters are entered automatically.

If required, you can adjust the parameters such as the DHCP address range or the DNS servers.


2.4) Creating the desktop objects:
2.4.1) Click the button to Create an Internet object.
2.4.2) Modify the following parameters:
  • Object Name: Enter a descriptive name.
  • Connections: From the drop-down menu, select the WAN Object created in steps 2.1.4 - 2.1.5 and click on the “+” icon to enter the object.
2.4.3) Click the button to create a network.
2.4.4) Modify the following parameters:
  • Name: Enter a descriptive name.
  • Interface: From the drop-down menu, select the interface eth1.
  • Network IP: Click in the input field to automatically enter the network assigned to interface eth1.


2.5) Allow communication from the local network to the Internet:
2.5.1) On the desktop, click the network object and select the Connection Tool. Link the network object to the Internet object.

2.5.2) For the outgoing communications, add the necessary protocols by means of the “+” icon.

2.6) Saving and activating the configuration steps:
2.6.1) Click on the Activate button to accept and enable the changes.

2.7) Further steps Configuring the UTM features: