Description:

This article describes how to use the Setup Wizard to configure Internet access, a local network, and the UTM functionality.



Requirements:

  • LANCOM R&S®Unified Firewall with LCOS.FX version 10.4 or later
  • A Full License is required to use the UTM functions after the trial period.
  • Web browser for configuring the Unified Firewall.

    The following browsers are supported:
    • Google Chrome
    • Chromium
    • Mozilla Firefox



Procedure:

The Setup Wizard is only available after a fresh installation and is launched automatically after changes to the login data.

The Unified Firewall can be reset to factory settings via System → Factory Settings. Afterwards the Setup Wizard can be started anew.

1) Select Start setup in English.

2) Click on Continue Without Backup to continue with the Setup Wizard.

3) Modify the following parameters and click Next:

  • Firewall Hostname: If required, change the Firewall Hostname.
  • Time Zone: If required, change the Time Zone.
  • Send Usage Statistics: Usage statistics help LANCOM Systems to identify frequently used scenarios and implement new features for them. We recommend that you enable this option.
  • Send Crash Reports: Crash reports help LANCOM Systems with fault analysis. We recommend that you enable this option.

The Firewall Hostname may only contain lower-case letters and must not contain numbers; otherwise user authentication via LDAP will not work.

4.1) Configuring Internet access with DHCP dynamic IP address assignment (e.g. via a cable modem):

4.1.1) Modify the following parameters and click Next:

  • Internet Interface: Select the interface to be used for Internet access from the drop-down menu.
  • Internet Access: Select DHCP.

4.2) Configuring Internet access with static IP address assignment (e.g. SDSL):

4.2.1) Modify the following parameters and click Next:

  • Internet Interface: Select the interface to be used for Internet access from the drop-down menu.
  • Internet Access: Select Static Configuration.
  • IP address with prefix length: Enter the IP address assigned by your provider including the subnet mask in CIDR syntax (Classless Inter-Domain Routing).
  • Default Gateway: Enter the Gateway assigned to you by your provider.
  • DNS Server: Enter the DNS server assigned to you by your provider.
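A pre-flight check for the values entered in steps 3 and 4.2.1, as an added example that is not part of the LANCOM documentation or the product. The function name and sample addresses are hypothetical, and it assumes the provider's gateway lies inside the assigned subnet.

```python
import ipaddress
import re


def check_wizard_inputs(hostname, ip_with_prefix, gateway, dns_server):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    # Step 3: lower-case letters only, no digits (LDAP authentication depends on it).
    if not re.fullmatch(r"[a-z]+", hostname):
        problems.append("hostname: use lower-case letters only")
    # The DNS server field takes a literal IP address.
    try:
        ipaddress.ip_address(dns_server)
    except ValueError:
        problems.append("dns: not an IP address")
    # Step 4.2.1: the address must carry its prefix length (CIDR syntax).
    # ip_interface() would silently treat a bare address as /32, so test first.
    if "/" not in ip_with_prefix:
        problems.append("ip: prefix length missing (CIDR syntax expected)")
        return problems
    try:
        iface = ipaddress.ip_interface(ip_with_prefix)
        gw = ipaddress.ip_address(gateway)
    except ValueError as exc:
        problems.append(f"ip/gateway: {exc}")
        return problems
    net = iface.network
    # The first and last address of a subnet are not usable host addresses.
    if net.num_addresses > 2 and iface.ip in (net.network_address,
                                              net.broadcast_address):
        problems.append("ip: network or broadcast address of its subnet")
    # Assumption: the default gateway is on-link, i.e. inside the same subnet.
    if gw == iface.ip:
        problems.append("gateway: same as the firewall's own address")
    elif gw not in net:
        problems.append(f"gateway: not inside {net}")
    return problems


if __name__ == "__main__":
    # Constructed sample values from the documentation address ranges.
    print(check_wizard_inputs("firewall", "203.0.113.10/29",
                              "203.0.113.9", "198.51.100.53"))
    print(check_wizard_inputs("fw01", "203.0.113.10/29",
                              "203.0.113.17", "dns.example"))
```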

4.3) Configuring an ADSL link without a VLAN ID:

4.3.1) Modify the following parameters and click Next:

  • Internet Interface: Select the interface to be used for Internet access from the drop-down menu.
  • Internet Access: Select ADSL/SDSL.
  • Username: Enter the user name assigned to you by your provider.
  • Password: Enter the password assigned to you by your provider.

4.4) Configuring an ADSL or VDSL link with a VLAN ID:

4.4.1) Modify the following parameters and click Next:

  • Internet Interface: Select the interface to be used for Internet access from the drop-down menu.
  • Internet Access: Select VDSL.
  • VLAN ID: Enter the VLAN ID assigned to you by your provider.
  • Username: Enter the user name assigned to you by your provider.
  • Password: Enter the password assigned to you by your provider.

5) Select the interface the local network is to be connected to, and change the IP and Prefix Length if required (in CIDR syntax).

Check the option Enable DHCP Server if the Unified Firewall is to be used as the DHCP server in the network.

The options Web and Mail under Allow Internet Access should be enabled if the network is supposed to have Internet access. If a network doesn't need Internet access, leave the checkboxes unchecked.

6) Select the desired UTM features and click Next.

By default, all UTM features are enabled.

Operating the UTM features after the trial period expires requires a Full License.

7) You can now review your configuration in a Summary. Then click on Finish to complete the setup and write the configuration to the Unified Firewall.

8) Activating the UTM features Anti-Malware and Content Filter activates the HTTPS proxy.

The Web Proxy-CA Certificate must be downloaded and imported into the end devices so that Web pages can still be accessed via HTTPS.

The procedure for importing the HTTPS proxy certificate into a mobile device is described in this Knowledge Base article, from step 3.4 onward.


Manual download of the Mail Proxy CA (Optional):

When using an E-Mail program such as MS Outlook that connects to an E-Mail server on the Internet, the Mail Proxy CA has to be exported from the Unified Firewall and imported into the end device that accesses E-Mails via the E-Mail program.

If an E-Mail server is used in the local network or E-Mails are accessed via the website of an E-Mail provider, the Mail Proxy CA doesn't have to be imported.

Open the web interface of the Unified Firewall, go to the menu Certificate Management → Certificates, click the Export button next to Mail Proxy CA and export the certificate in PEM format. The procedure for importing the certificate into an end device is described in this Knowledge Base document (from step 3.4 onward).
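Before the exported PEM file is copied to end devices, it is worth confirming that it holds exactly one certificate and no private key, and recording its SHA-256 fingerprint so the imported CA can be compared on each device. The following is an added example, not LANCOM code; the function names are hypothetical and the sample bytes are a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed placeholder: a minimal DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")


def sha256_fingerprint(der):
    """Colon-separated upper-case SHA-256 fingerprint of DER bytes."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def make_pem(label, der):
    """Wrap DER bytes in PEM armour (used only to build constructed samples)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


def inspect_pem_export(text):
    """Return (problems, fingerprints) for the text of an exported PEM file."""
    problems, fingerprints = [], []
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            # Whoever holds the CA key can issue certificates the devices trust.
            problems.append(f"{label} present: do not distribute this file")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected block type: {label}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except (binascii.Error, ValueError):
                problems.append("certificate block is not valid base64")
                continue
            if not der.startswith(b"\x30"):
                problems.append("certificate is not a DER SEQUENCE")
                continue
            fingerprints.append(sha256_fingerprint(der))
    if len(fingerprints) != 1:
        problems.append(
            f"expected exactly one certificate, found {len(fingerprints)}")
    return problems, fingerprints


if __name__ == "__main__":
    print(inspect_pem_export(make_pem("CERTIFICATE", SAMPLE_DER)))
```

The check covers the file's structure only; it does not parse X.509 fields such as validity or the CA flag.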