Network
This document is about the Web Administration section Network. It has five tabs; Addresses, DNS, Routing, VLAN and Ethernet. The network configuration is usually the first task that is carried out during the deployment of an appliance. Please note that a network operating system like H/OS 2 can be either "forwarding" or not. A forwarding appliance can route IP/IPv6 traffic through itself.
- Forwarding: SX
- Not forwarding: SPG and VSP
Forwarding or not, an appliance always usually has one or more IP addresses, which is responds to. Some appliances with transparent bridges can operate without IP addresses, but that is beyond the scope of this document. The next section deals with addresses.
Contents |
Addresses
An address, either IP or IPv6, is assigned to an interface. The by far most common interface type is the Ethernet port. An appliance from Halon always has at least one Ethernet interface. Each interface can have multiple addresses, possibly on different subnets. To configure addresses on VLAN interfaces, first configure the VLAN interface on a physical "parent" interface, and then choose it as interface on the addresses tab.
Routing
Most importantly, the default gateway (0.0.0.0 route) is added by creating a route to network "default" (using the checkbox) on the Routing tab of the Network section. Normal static routes are added in a similar fashion, by specifying the network using the bitmask notation.'
DNS
Domain name servers are, probably not surprisingly, added on the DNS tab. DNS items (servers) can be moved using the blue arrow-button to the right in the table header, as they are weighted as of their position in the list.
DNSSEC
In order to use DNSSEC validation (which you should, now that the DNS root has been signed), enable the DNS cache and DNSSEC options on the DNS tab. That's it :)
Please note that all DNS servers you specified on the DNS page has to support at least proper relaying of DNSSEC data. That normally implies supporting EDNS packets. Should you notice any issues resolving domains after enabling DNSSEC (errors are shown in the system log), try to replace the configured DNS server with ones that are confirmed to work with DNSSEC.
