Network settings
The Network menu allows you to configure the unit to operate on the network. This menu provides features for configuring and viewing basic network settings, such as the unit’s interfaces, Domain Name System (DNS) options, and routing table.
This section describes:
- Interfaces
- DNS settings
- Routing table
Interfaces
In System > Network > Interfaces, you can configure the interfaces that handle incoming and outgoing traffic.
The following information is available:
Create New | Select to create a new interface. |
Edit | Modifies settings within the interface. When you select Edit, you are automatically redirected to the Edit Interface page. |
Delete | Removes an interface from the list.
To remove multiple interfaces from within the list, on the interface page, in each of the rows of the interfaces you want removed, select the check box and then select Delete. To remove all interfaces from the list, on the Interface page, select the check box in the check box column and then select Delete. |
Column Settings | Select to change the columns that are displayed on the interface list. |
Name | The names of the physical interfaces on your FortiCache unit. This includes any alias names that have been configured. |
Type | The type of the interface. |
IP/Netmask | The current IP address/netmask of the interface.
When IPv6 Support is enabled on the GUI, IPv6 addresses may be displayed in this column. |
Access | The administrative access configuration for the interface. |
Administrative Status | The administrative status for the interface.
If the administrative status is a green arrow, the interface is up and can accept network traffic. If the administrative status is a red arrow, the interface is administratively down and cannot accept traffic. To change the administrative status of an interface, select the Edit icon to edit the interface and change the Administrative Status setting for the interface. |
Link Status | The status of the interface physical connection. Link status can be either up or down. If link status is up there is an active physical connection between the physical interface and a network switch. If link status is down the interface is not connected to the network or there is a problem with the connection. You cannot change link status from the GUI.
Link status is only displayed for physical interfaces. |
MTU | The maximum number of bytes per transmission unit (MTU) for the interface. |
Mode | Shows the addressing mode of the interface. The addressing mode can be manual, DHCP, or PPPoE. |
Secondary IP | Displays the secondary IP addresses added to the interface. |
Ref. | Displays the number of times the object is referenced by other objects. To view the location of the referenced object, select the number in Ref., and the Object Usage window appears, displaying the various locations of the referenced object. |
Interface settings
Selecting Create New opens the New Interface page, which provides settings for configuring a new interface. Selecting an interface from the interface list opens the Edit Interface page.
Configure the following settings:
Name | Enter a name for the interface. Physical interface names cannot be changed. |
Alias | Enter an alternate name for a physical interface on the FortiCache unit. The alias can be a maximum of 25 characters. The alias name will not appear in logs. This field appears when editing an existing physical interface. |
Link Status | Indicates whether the interface is connected to a network (link status is Up) or not (link status is Down). This field appears when editing an existing physical interface. |
Type | Select the type of the interface you want to add from the drop-down list. The options include: 802.3ad Aggregate, Redundant Interface, Loopback Interface, and Software Switch.
You cannot change the interface type except when adding a new interface. |
Dedicated Management Port | Dedicate an interface for management to simplify configuration in transparent network deployments. This includes the ability to specify Trusted Hosts. See below. |
Physical Interface Members | This section has two different forms depending on the interface type:
- Software switch interface: this section is a display-only field showing the interfaces that belong to the software switch virtual interface.
- 802.3ad aggregate interface: select interfaces from the drop-down list, and add more interfaces as required. |
Addressing mode | The only addressing mode available on FortiCache units is Manual.
If IPv6 configuration is enabled, you can add both an IPv4 and an IPv6 address. |
IP/Netmask | Enter an IPv4 address/subnet mask for the interface. FortiCache interfaces cannot have IP addresses on the same subnet. |
IPv6 Address | If IPv6 support is enabled on the GUI, enter an IPv6 address/subnet mask for the interface. A single interface can have both an IPv4 and IPv6 address or just one or the other. |
Enable one-arm sniffer | Available when editing a physical interface. Select to configure this interface to operate as a one-armed sniffer as part of configuring a FortiCache unit to operate as an IDS appliance by sniffing packets for attacks without actually receiving and otherwise processing the packets. Once the interface is enabled for sniffing you cannot use the interface for other traffic. You must add sniffer policies for the interface to actually sniff packets. |
Enable Explicit Web Proxy | Select to enable explicit web proxying on this interface. When enabled, this interface will be displayed on System > Network > Web Proxy under Listen on Interfaces and web traffic on this interface will be proxied according to the Web Proxy settings. |
Override Default MTU Value | To change the MTU, select Override default MTU value (1 500) and enter the MTU size based on the addressing mode of the interface:
- 68 to 1 500 bytes for static mode
- 576 to 1 500 bytes for DHCP mode
- 576 to 1 492 bytes for PPPoE mode
- larger frame sizes if supported by the FortiCache model
Only available on physical interfaces. Virtual interfaces associated with a physical interface inherit the physical interface MTU size. In Transparent mode, if you change the MTU of an interface, you must change the MTU of all interfaces to match the new MTU. This option is not available if Type is set to Loopback Interface. |
Administrative Access / IPv6 Administrative Access | Select the types of administrative access permitted for IPv4/IPv6 connections to this interface. |
HTTPS | Allow secure HTTPS connections to the GUI through this interface. |
PING | Interface responds to pings. Use this setting to verify your installation and for testing. |
HTTP | Allow HTTP connections to the GUI through this interface. HTTP connections are not secure and can be intercepted by a third party. |
FMG-Access | Allow FortiCache Manager access on this interface. |
SSH | Allow SSH connections to the CLI through this interface. |
SNMP | Allow a remote SNMP manager to request SNMP information by connecting to this interface. |
TELNET | Allow Telnet connections to the CLI through this interface. Telnet connections are not secure and can be intercepted by a third party. |
Enable Explicit Web Proxy | Select to enable explicit web proxy on the interface. |
Listen for RADIUS Accounting Messages | Select to listen for Remote Authentication and Dial-in User Service (RADIUS) accounting messages on the interface. |
Secondary IP Address | Add additional IPv4 addresses to this interface. |
Comments | Enter a description up to 63 characters to describe the interface. |
Administrative Status | Select either Up (green arrow) or Down (red arrow) as the status of this interface.
Up indicates the interface is active and can accept network traffic. Down indicates the interface is not active and cannot accept traffic. |
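The limits in the settings above (no two interfaces on the same subnet, MTU ranges per addressing mode, alias and comment lengths, and the HTTP and TELNET access types described as not secure) can be checked against a planned configuration before it is entered in the GUI. The following Python is an added example, not part of the FortiCache documentation or product; the dictionary layout, key names, sample addresses and the rule that a dedicated management port should have Trusted Hosts are assumptions made for illustration.

```python
import ipaddress

# Limits from the settings table above. HTTP and TELNET are the access types
# the page describes as not secure. Sample data and key names are constructed.
MTU_RANGE = {"static": (68, 1500), "dhcp": (576, 1500), "pppoe": (576, 1492)}
CLEARTEXT = {"HTTP", "TELNET"}
ALIAS_MAX, COMMENT_MAX = 25, 63

def audit_interfaces(plan):
    """Return (interface, finding) tuples for a planned interface configuration."""
    findings, seen = [], []
    for name, cfg in plan.items():
        net = ipaddress.ip_interface(cfg["ip"]).network
        # Interfaces cannot have IP addresses on the same subnet.
        for other, other_net in seen:
            if net.version == other_net.version and net.overlaps(other_net):
                findings.append((name, f"subnet {net} overlaps {other} ({other_net})"))
        seen.append((name, net))
        # MTU must fit the range for the addressing mode; larger frames are
        # model-dependent, so anything outside the range is reported for review.
        mode, mtu = cfg.get("mode", "static"), cfg.get("mtu", 1500)
        low, high = MTU_RANGE[mode]
        if not low <= mtu <= high:
            findings.append((name, f"MTU {mtu} outside {low}-{high} for {mode} mode"))
        weak = sorted(CLEARTEXT & set(cfg.get("access", [])))
        if weak:
            findings.append((name, "cleartext admin access: " + ", ".join(weak)))
        # Policy choice of this example: a dedicated management port should
        # restrict who can reach it with Trusted Hosts.
        if cfg.get("mgmt") and not cfg.get("trusted_hosts"):
            findings.append((name, "dedicated management port without trusted hosts"))
        if len(cfg.get("alias", "")) > ALIAS_MAX:
            findings.append((name, f"alias longer than {ALIAS_MAX} characters"))
        if len(cfg.get("comment", "")) > COMMENT_MAX:
            findings.append((name, f"comment longer than {COMMENT_MAX} characters"))
    return findings

PLAN = {  # constructed sample, documentation address ranges
    "port1": {"ip": "192.0.2.10/24", "access": ["HTTPS", "SSH", "PING"],
              "mgmt": True, "trusted_hosts": ["198.51.100.0/28"]},
    "port2": {"ip": "192.0.2.200/25", "access": ["HTTP", "TELNET", "PING"],
              "mtu": 1600},
    "port3": {"ip": "10.20.0.1/16", "access": ["HTTPS"], "mgmt": True,
              "alias": "core-uplink-to-datacenter-a"},
}

if __name__ == "__main__":
    for iface, finding in audit_interfaces(PLAN):
        print(f"{iface}: {finding}")
```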
Dedicated management interface
The ability to dedicate an interface for management simplifies configuration in transparent network deployments. The management interface can be fixed to an interface and a specific routing policy defined, separate from the transparent bridge. IPv6 is supported.
To dedicate an interface to management
- Go to System > Network > Interfaces.
- Select an interface to edit, and enable Dedicated Management Port.
- If necessary, specify Trusted Hosts.
DNS settings
Several FortiCache functions use DNS, including alert email. You can specify the IP addresses of the DNS servers to which your unit connects. DNS server IP addresses are usually supplied by your ISP. To configure DNS settings, select System > Network > DNS.
Configure the following settings:
Primary DNS Server | Enter the primary DNS server IP address. |
Secondary DNS Server | Enter the secondary DNS server IP address. |
Local Domain Name | Enter the domain name to append to addresses with no domain portion when performing DNS lookups. |
Routing table
If the unit is operating in Transparent mode, you can go to System > Network > Routing Table to add static routes to control the flow of traffic through the unit.
Create New | Creates a new static or IPv6 route. |
Edit | Modifies settings within the static route. |
Delete | Removes a static route from the list.
To remove multiple static routes from within the list, on the Static Route page, in each of the rows of the routes you want removed, select the check box and then select Delete. To remove all static routes from the list, on the Static Route page, select the check box in the check box column and then select Delete. |
Column Settings | Select to add, remove, or change the order of information columns. By default, the Distance Priority and Distance columns are not displayed. |
IP/Netmask | The destination IP addresses and network masks of packets that the FortiCache unit intercepts. |
Gateway | The IP addresses of the next-hop routers to which intercepted packets are forwarded. |
Device | The interface or port number the static route is configured to. |
Comment | A description of the route (optional). |
Distance | The number of hops the static route has to the configured gateway. Routes with the same distance will be considered as equal-cost multi-path (ECMP). |
Priority | A number for the priority of the static route. Routes with a larger number will have a lower priority. Routes with the same priority will be considered as ECMP. |
Adding a static route
Selecting Create New opens the New Static Route page, which provides settings for configuring a new static route. Selecting a route from the route list opens the Edit Static Route page.
Destination IP/Mask | Enter the IP address and netmask of the new static route. To create a default route, set the IP and netmask to 0.0.0.0/0.0.0.0. |
Device | Select the static route’s interface or port number. |
Gateway | Enter the gateway IP address for those packets that you intend the unit to intercept. |
Administrative Distance | Enter a number to determine the cost of the route. When multiple paths exist to the same destination, smaller distances are preferred. |
Comments | Enter a description up to 63 characters to describe the new interface. |
Advanced Options | Select to show the Priority option. |
Priority | Enter a number for the priority of the static route. Routes with a larger number will have a lower priority. |