Sample Interface Configurations
This section shows sample interface configurations based on some typical networks. The example uses two interfaces called Int1 and Int2. In the case of the appliance, these interface names can represent any two interfaces out of the three interfaces (Management, Data1, Data2).
Network 1:
Separate interfaces must appear to be on separate networks.
Interface | IP Address | Netmask | Net Address |
---|---|---|---|
Int1 | 192.168.1.10 | 255.255.255.0 | 192.168.1.0/24 |
Int2 | 192.168.0.10 | 255.255.255.0 | 192.168.0.0/24 |
Data addressed to 192.168.1.X (where X is any number from 1 through 255, except for your own address, 10 in this case) goes out on Int1. Anything addressed to 192.168.0.X goes out on Int2. Any packet headed for an address that does not match either of these formats, most likely one on a WAN or the Internet, is sent to the default gateway, which must be on one of these networks. The default gateway then forwards the packet on.
Network 2:
The network addresses (network parts of the IP addresses) of two different interfaces cannot be the same.
Ethernet Interface | IP Address | Netmask | Net Address |
---|---|---|---|
Int1 | 192.168.1.10 | 255.255.0.0 | 192.168.0.0/16 |
Int2 | 192.168.0.10 | 255.255.0.0 | 192.168.0.0/16 |
This situation presents a conflict in that two different Ethernet interfaces have the same network address. If a packet from the content security appliance is sent to 192.168.1.11, there is no way to decide which Ethernet interface should be used to deliver the packet. If the two Ethernet interfaces are connected to two separate physical networks, the packet may be delivered to the incorrect network and never find its destination. The appliance does not allow you to configure your network with conflicts.
You can connect two Ethernet interfaces to the same physical network, but you must construct IP addresses and netmasks to allow the appliance to select a unique delivery interface.
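The check described for Network 1 and Network 2 can be reproduced before applying a configuration. The following is an added example, not code from the appliance or its vendor: it derives each net address from the IP address and netmask in the tables above, flags interfaces whose networks are identical or overlap (overlap is an assumption that generalizes the "same network address" case), and picks the delivery interface for a destination. The function names and the `"default gateway"` label are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed from the two tables on this page.
NETWORK_1 = {"Int1": ("192.168.1.10", "255.255.255.0"),
             "Int2": ("192.168.0.10", "255.255.255.0")}
NETWORK_2 = {"Int1": ("192.168.1.10", "255.255.0.0"),
             "Int2": ("192.168.0.10", "255.255.0.0")}


def net_addresses(interfaces):
    """Map interface name -> network derived from IP address and netmask."""
    return {name: ipaddress.ip_interface(f"{ip}/{mask}").network
            for name, (ip, mask) in interfaces.items()}


def find_conflicts(interfaces):
    """Return pairs of interfaces whose networks are identical or overlap."""
    nets = net_addresses(interfaces)
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def delivery_interface(interfaces, destination, default="default gateway"):
    """Pick the interface for a destination; raise if the choice is ambiguous."""
    dest = ipaddress.ip_address(destination)
    matches = [n for n, net in net_addresses(interfaces).items() if dest in net]
    if len(matches) > 1:
        raise ValueError(
            f"{destination} matches {sorted(matches)}: no unique interface")
    # No match means the packet is handed to the default gateway.
    return matches[0] if matches else default


if __name__ == "__main__":
    for label, cfg in (("Network 1", NETWORK_1), ("Network 2", NETWORK_2)):
        print(label, "conflicts:", find_conflicts(cfg) or "none")
    print(delivery_interface(NETWORK_1, "192.168.1.11"))
    print(delivery_interface(NETWORK_1, "10.0.0.5"))
```
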