User guide
Introduction to Network Security
About IP addresses
To send ordinary mail to a person, you must know his or her street address. For one computer on the Internet
to send data to a different computer, it must know the address of that computer. A computer address is known
as an Internet Protocol (IP) address. All devices on the Internet have unique IP addresses, which enable other
devices on the Internet to find and interact with them.
An IP address consists of four octets (8-bit binary sequences) expressed in decimal format and separated by
periods. Each number between the periods must be within the range of 0 and 255. Some examples of
IP addresses are:
206.253.208.100
4.2.2.2
10.0.4.1
Private addresses and gateways
Many companies create private networks that have their own address space. The addresses 10.x.x.x and
192.168.x.x are set aside for private IP addresses. Computers on the Internet cannot use these addresses. If
your computer is on a private network, you connect to the Internet through a gateway device that has a public
IP address.
Usually, the default gateway is the router that is between your network and the Internet. After you install the
Firebox on your network, it becomes the default gateway for all computers connected to its trusted or
optional interfaces.
About subnet masks
Because of security and performance considerations, networks are often divided into smaller portions called
subnets. All devices in a subnet have similar IP addresses. For example, all devices that have IP addresses
whose first three octets are 50.50.50 would belong to the same subnet.
A network IP address’s subnet mask, or netmask, is a string of bits that mask sections of the IP address to show
how many addresses are available and how many are already in use. For example, a large network subnet
mask might look like this: 255.255.0.0. Each zero shows that a range of IP addresses from 1 to 255 is available.
Each decimal place of 255 represents an IP address range that is already in use. In a network with a subnet
mask of 255.255.0.0, there are 65,025 IP addresses available. A smaller network subnet mask is 255.255.255.0.
Only 254 IP addresses are available.
About slash notation
The Firebox uses slash notation for many purposes, including policy configuration. Slash notation is a compact
way to show the subnet mask for a network. To write slash notation for a subnet mask:
1. First, find the binary representation of the subnet mask.
For example, the binary representation of 255.255.255.0 is 11111111.11111111.11111111.00000000.
2. Count each 1 in the subnet mask.
This example has twenty-four (24) of the numeral 1.
3. Add the number from step two to the IP address, separated by a forward slash (/).
The IP address 192.168.42.23/24 is equivalent to an IP address of 192.168.42.23 with a netmask of
255.255.255.0.
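The three steps above, written out as an added Python example (not part of the original guide; the function names are assumptions made for illustration). It also rejects masks whose 1 bits are not contiguous, which have no slash form, and goes beyond the text by converting a slash count back to a dotted mask.

```python
def _to_bits(dotted: str) -> str:
    """Return the 32-character binary form of a dotted-decimal value."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    bits = ""
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"octet must be within 0 and 255: {octet!r}")
        bits += format(int(octet), "08b")
    return bits


def mask_to_prefix(mask: str) -> int:
    """Steps 1 and 2: find the binary representation, then count each 1."""
    bits = _to_bits(mask)
    # A usable subnet mask is a run of 1s followed only by 0s. A typo such
    # as 255.0.255.0 would otherwise be counted as 16 without complaint.
    if "01" in bits:
        raise ValueError(f"mask bits are not contiguous: {mask!r}")
    return bits.count("1")


def to_slash(ip: str, mask: str) -> str:
    """Step 3: add the count to the IP address, separated by a slash."""
    _to_bits(ip)  # validates the address octets; result not needed
    return f"{ip}/{mask_to_prefix(mask)}"


def prefix_to_mask(prefix: int) -> str:
    """Reverse direction: slash count back to a dotted-decimal mask."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be within 0 and 32: {prefix!r}")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


if __name__ == "__main__":
    # Values taken from the guide's own example.
    print(to_slash("192.168.42.23", "255.255.255.0"))
    print(prefix_to_mask(24))
    try:
        mask_to_prefix("255.0.255.0")  # constructed invalid mask
    except ValueError as err:
        print("rejected:", err)
```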