39.5 Network Parameters
39.5.1 Basic Settings
By selecting "Network Parameters -> Basic Settings", you can configure the connection mode and IP address of the Secure Access Gateway device. If the device does not have an IP address set, you need to use the management port to connect to the device and configure it. If the device already has an IP address set, you can configure it directly while connected to the network. After making changes, save the settings and reboot the device; the settings take effect only after the reboot.
39.5.2 VLAN Settings
In bridge mode, if the Secure Access Gateway device is deployed between switches connected via TRUNK mode, you need to enable the TRUNK function.
To enable the TRUNK function, go to "Network Parameters -> VLAN Settings", check "Enable Trunk", and add the VLAN configuration.
VLAN Configuration Information includes the following:
| Attribute Name | Description |
| --- | --- |
| ID | VLAN ID |
| IP Address | Enter an IP address that does not conflict within the corresponding VLAN ID |
| Subnet Mask | Subnet mask for the IP address |
Note
1. When adding VLAN configurations, only VLANs other than the Native VLAN or defaultVLAN should be added. Adding configurations to these VLANs could result in network instability.
2. When connecting via TRUNK mode, the IP address, subnet mask, and gateway configuration of the device must belong to either the Native VLAN or defaultVLAN.
3. If no manual changes are made to the Native VLAN or defaultVLAN on the switch, the default VLAN is usually VLAN 1.
39.5.3 Multi-IP Configuration
In bridge mode, if the security gateway device is deployed between a Layer 2 switch and a Layer 3 switch with multiple VLANs or isolated IP networks, and the PCs on the Layer 2 switch are spread across different subnets (non-VLAN), the gateway also needs a corresponding IP address in each of these subnets. In this case, you must enable the Multi-IP Binding configuration.
If the network setup does not meet the above criteria, then enabling Multi-IP binding is unnecessary.
To configure Multi-IP binding:
1. Navigate to "Network Parameters -> Multi-IP Configuration".
2. Check the option "Enable Multi-IP Binding".
3. Add the required IP addresses that are compatible with the isolated subnets.
Multi-IP Binding Configuration Information:
| Attribute Name | Description |
| --- | --- |
| IP Address | The IP address to bind, which should not conflict with the other IP addresses in the same subnet. |
| Subnet Mask | The subnet mask corresponding to the IP address. |
Note
Do NOT add the security gateway device's current IP network when configuring Multi-IP binding, as this may lead to conflicts.
39.5.4 Forwarding Rule Settings
If a server is deployed in the cloud and public machines need to access the cloud server, while being protected by a security gateway deployed in the corporate intranet, the forwarding feature of the security gateway can be used. When this feature is enabled, the security gateway acts like a gateway device, meaning the cloud server’s IP address is not exposed, and users only know the security gateway's address. The access is made directly to the security gateway, which then performs address translation to redirect to the cloud server.
Setting Forwarding Addresses
In the Secure Access Gateway's web management interface, go to "Network Parameters -> Forwarding Rule Settings," click "Forwarding Address Settings," and add the forwarding addresses.
Forwarding address settings include the following:
| Attribute Name | Description |
| --- | --- |
| Forwarding Address | Only IP addresses are supported. The Secure Access Gateway will use this IP, which must be in the same subnet as the device. Duplicate forwarding addresses are not allowed, but multiple forwarding addresses can be configured. |
Setting Forwarding Rules
In the Secure Access Gateway's web management interface, go to "Network Parameters -> Forwarding Rule Settings," click "Add," and configure the forwarding rule by entering the target address, target port, selecting the forwarding address, forwarding port, and adding remarks. Then save.
Forwarding rule settings include the following:
| Attribute Name | Description |
| --- | --- |
| Target Address | Only IP addresses are supported. Domain names are not supported. This field is required. |
| Target Port | The corresponding port of the target address. This field is required. |
| Forwarding Address | Select from the network addresses set in the forwarding address configuration. This field is required. |
| Forwarding Port | Can be selected from a dropdown or manually entered. The default is the corresponding port. Dropdown options include the corresponding and historical ports. Manual input allows any port number. |
Note
Multiple forwarding rules can be set, and one forwarding address can have multiple forwarding rules.
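A planned forwarding configuration can be checked against the constraints in the tables above before it is entered in the web interface. The following is an added example, not part of the product or its documentation; the function names, dictionary keys, sample addresses and the 1-65535 port range are assumptions made for illustration.

```python
import ipaddress

def _parse_ip(value):
    """Return an ip_address object, or None for domain names and other non-IP input."""
    try:
        return ipaddress.ip_address(value) if isinstance(value, str) else None
    except ValueError:
        return None

def _port_ok(port):
    return type(port) is int and 1 <= port <= 65535

def check_forwarding_plan(device_if, forwarding_addrs, rules):
    """Return a list of problems in a planned forwarding configuration."""
    problems, seen, usable = [], set(), set()
    subnet = ipaddress.ip_interface(device_if).network
    # Forwarding addresses: IP only, same subnet as the device, no duplicates.
    for addr in forwarding_addrs:
        ip = _parse_ip(addr)
        if ip is None:
            problems.append(f"forwarding address {addr!r}: not an IP address")
        elif ip in seen:
            problems.append(f"forwarding address {addr}: duplicate")
        elif ip not in subnet:
            problems.append(f"forwarding address {addr}: outside device subnet {subnet}")
        else:
            usable.add(ip)
        seen.add(ip)
    for n, rule in enumerate(rules, 1):
        if _parse_ip(rule.get("target_addr")) is None:
            problems.append(f"rule {n}: target address must be an IP address")
        if not _port_ok(rule.get("target_port")):
            problems.append(f"rule {n}: target port missing or out of range")
        if _parse_ip(rule.get("fwd_addr")) not in usable:
            problems.append(f"rule {n}: forwarding address is not a configured one")
        # The forwarding port defaults to the target port when left unset.
        if not _port_ok(rule.get("fwd_port", rule.get("target_port"))):
            problems.append(f"rule {n}: forwarding port out of range")
    return problems

# Constructed sample plan (documentation address ranges, not values from the page).
DEVICE_IF = "192.0.2.10/24"
FORWARDING_ADDRS = ["192.0.2.20", "192.0.2.20", "198.51.100.5"]
RULES = [
    {"target_addr": "203.0.113.8", "target_port": 443, "fwd_addr": "192.0.2.20"},
    {"target_addr": "app.example.com", "target_port": 443, "fwd_addr": "198.51.100.5", "fwd_port": 8443},
]
if __name__ == "__main__":
    print("\n".join(check_forwarding_plan(DEVICE_IF, FORWARDING_ADDRS, RULES)))
```

An empty list means the plan satisfies every constraint the tables state; each message names the forwarding address or rule number that has to be corrected.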