User guide

Selecting a Firewall Configuration Mode

User Guide 31

Dynamic IP support on the External interface

If you are supporting dynamic IP addressing, you must choose routed

configuration.

If you choose the Dynamic Host Configuration Protocol (DHCP) option,

the Firebox will request its IP address, gateway, and netmask from a

DHCP server managed by your Internet Service Provider (ISP). This

server can also provide WINS and DNS server information for your

Firebox. If it does not, you must add it manually to your configuration, as

described in “Entering WINS and DNS Server Addresses” on page 58.

You can also change the WINS and DNS values provided by your ISP, if

necessary.

Point-to-Point Protocol over Ethernet (PPPoE) is also supported. As with

DHCP, the Firebox initiates a PPPoE protocol connection to your ISP’s

PPPoE server, which automatically configures your IP address, gateway,

and netmask. However, PPPoE does not propagate DNS and WINS server

information as DHCP does.

If you are using PPPoE on the External interface, you will need the PPP

user name and password when you set up your network. Both username

and password each have a 256-byte capacity.

When the Firebox is configured such that it obtains its IP addresses

dynamically, the following functionality (which requires a static IP

address) is not supported unless you are certain that the dynamic IP

settings sent by your ISP will not change:

• High Availability (not supported on Firebox 500)

•Drop-in mode

•1-to-1 NAT

• Enabling the Firebox as a DVCP server

• BOVPN using Basic DVCP (not supported on factory default Firebox

500)

•MUVPN

• RUVPN with PPTP

Regardless of whether the IP settings are stable, 1-to-1 NAT and external

aliases are not supported when the Firebox is a PPPoE client, and manual

IPSec tunnels are not supported when the Firebox is a DHCP or PPPoE

client.