DHCP Server Setup
If the Clavister Security Gateway is to act as a DHCP server then this can be set up in the following way:

First define an IPv4 address object which has the address range that can be handed out. Here, we will use the IPv4 range 192.168.1.10-192.168.1.20 as an example and this will be available on the G3 interface which is connected to the protected internal network G3_net.

Device:/> add Address IP4Address dhcp_range
          Address=192.168.1.10-192.168.1.20

The DHCP server is then configured with this IP address object on the appropriate interface. In this case we will call the created DHCP server object dhcp_lan and assume the DHCP server will be available on the G3 interface:

Device:/> add DHCPServer dhcp_lan
          IPAddressPool=dhcp_range
          Interface=G3
          Netmask=255.255.255.0
          DefaultGateway=InterfaceAddresses/G3_ip
          DNS1=dns1_address

It is important to specify the Default gateway for the DHCP server since this will be handed out to DHCP clients on the internal network so that they know where to find the public Internet. The default gateway is always the IP address of the interface on which the DHCP server is configured. In this case, G3_ip.
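
A pre-deployment sanity check for the values used above, added here as an example and not part of the Clavister documentation or cOS Core. The function name check_dhcp_pool is hypothetical, and 192.168.1.1 is an assumed value for G3_ip, which the text does not state.

```python
import ipaddress


def check_dhcp_pool(pool, netmask, gateway):
    """Return a list of problems with a DHCP pool definition (empty list = OK).

    pool    -- "first-last" range string, as given to the dhcp_range object
    netmask -- dotted netmask handed out to clients
    gateway -- default gateway handed out to clients (the interface address)
    """
    problems = []
    first_s, _, last_s = pool.partition("-")
    first = ipaddress.IPv4Address(first_s.strip())
    # A pool written as a single address has no "-last" part.
    last = ipaddress.IPv4Address((last_s or first_s).strip())
    gw = ipaddress.IPv4Address(gateway)
    # The subnet clients will believe they are on, from gateway + netmask.
    net = ipaddress.IPv4Network(f"{gateway}/{netmask}", strict=False)

    if first > last:
        problems.append("pool start is above pool end")
    for addr in (first, last):
        if addr not in net:
            # Clients leased this address could not reach the gateway.
            problems.append(f"{addr} is outside {net}")
    if first <= net.network_address <= last:
        problems.append("pool contains the network address")
    if first <= net.broadcast_address <= last:
        problems.append("pool contains the broadcast address")
    if first <= gw <= last:
        # A client could be leased the gateway's own address.
        problems.append("pool contains the default gateway address")
    return problems


if __name__ == "__main__":
    # Pool and netmask from the text; the gateway value is an assumption.
    issues = check_dhcp_pool("192.168.1.10-192.168.1.20",
                             "255.255.255.0", "192.168.1.1")
    print("OK" if not issues else "\n".join(issues))
```
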
NTP Server Setup
Network Time Protocol (NTP) servers can optionally be configured to maintain the accuracy of the system date and time. The command below sets up synchronization with the two NTP servers at hostname pool.ntp.org and IPv4 address 10.5.4.76:

Device:/> set DateTime TimeSyncEnable=Yes
          TimeSyncServer1=dns:pool.ntp.org
          TimeSyncServer2=10.5.4.76

The prefix dns: is added to the hostname to identify that it must be resolved to an IP address by a DNS server (this is a convention used in the CLI with some commands).
Syslog Server Setup
Although logging may be enabled, no log messages are captured unless a server is set up to receive them and Syslog is the most common server type. If the Syslog server's address is 195.11.22.55 then the command to create a log receiver object called my_syslog which enables logging is:

Device:/> add LogReceiverSyslog my_syslog IPAddress=195.11.22.55
Allowing ICMP Ping Requests
As a further example of setting up IP rules, it can be useful to allow ICMP Ping requests to flow through the Clavister Security Gateway. As discussed earlier, cOS Core will drop any traffic unless an IP rule explicitly allows it. Let us suppose that we wish to allow the pinging of external hosts with the ICMP protocol by computers on the internal G3_net network. The commands to allow this are as follows.
Chapter 3: cOS Core Configuration