Specifications
LAN Configuration
97
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308
• There is no need to reserve an IP address for a computer in the DHCP server. All IP
address assignments made by the DHCP server are maintained until the computer or
device is removed from the network database, either by expiration (inactive for a long
time) or by you.
• There is no need to use a fixed IP address on a computer
. Because the IP address
allocated by the DHCP server never changes, you do not need to assign a fixed IP
address to a computer to ensure that it always has the same IP address.
• A computer is identified by its MAC address—not its IP address. The network database
uses the MAC address to identify each computer or device. Therefore, changing a
computer’s IP address does not affect any restrictions applied to that computer.
• Control over computers can be assigned to groups and individuals:
- You can assign computers to groups (see Manage the Network Database on this
page) and apply restrictions (outbound rules and inbound rules) to each group (see
Overview of Rules to Block or
Allow Specific Kinds of Traffic on page 136).
- You can select groups that are allowed access to URLs that you have blocked for
other groups, or the other way around, block access to URLs that you have allowed
access to for groups (see
Configure Content Filtering on page 186).
- If necessary, you can also create firewall rules to apply to a single computer (see
Enable Source MAC Filtering
on page 190). Because the MAC address is used to
identify each computer, users cannot avoid these restrictions by changing their IP
address.
Manage the Network Database
You can view the network database, manually add or remove database entries, and edit
database entries.
To view the network database, select Network Configuration > LAN Settings > LAN
Groups. The LAN Groups screen displays. (The following figure shows some manually
added devices in the Known PCs and Devices table as an example.)
Figure 55.