Chapter 4: cOS Core Configuration

This chapter discusses initial cOS Core configuration for the 200R Series. The initial setup sections consist of:

In all the above cases, it is assumed that the requirement is to set up cOS Core so that traffic from a protected network can enter one firewall Ethernet interface, be filtered, and then exit another Ethernet interface towards the Internet or other wide area network.

Tip: Upgrade to the latest cOS Core version

A new NetWall 200R Series unit may not have the very latest cOS Core version pre-installed. After initial setup, it is recommended to upgrade to the latest available cOS Core version. The procedure for upgrading is described in the separate cOS Core Administration Guide.

4.1. The NetWall 200R Series Default Configuration

This section describes the predefined entries in the default cOS Core configuration that are unique to the NetWall 200R Series.

Ethernet Interface DHCP settings

The NetWall 200R Series appliance comes with a default cOS Core configuration with the following settings on the Ethernet interfaces:

  • The G2 interface has a DHCP client enabled. This means the G2 interface can be automatically assigned an IP address when connected to an ISP. DNS server addresses can also be received by cOS Core.

Zone Groupings

The Ethernet interfaces are also grouped together into a Zone in the cOS Core configuration in the following way:

  • The interface G2 belongs to a predefined Zone object called WANZone.

  • The interfaces G3 and G4 belong to a predefined Zone object called BypassZone.

The Predefined IP Rule Set

The default configuration also contains a predefined IP rule set that allows traffic to flow from the management G1 interface and its network to the WANZone interfaces. This means that protected clients on G1 will have predefined access to the Internet through G2.

In addition, the 200R Series default rule set contains two additional rules:

  • Allow ping (ICMP) towards G1

    Towards the NetWall 200R Series G1 interface from the G1 network.

  • Allow all communication between G3 and G4

    In addition, application control is configured to log all (audit) applications detected between the G3 and G4 interfaces. The main purpose of this rule is to make the NetWall 200R Series behave in the same way regardless of whether the unit is powered on or off, in line with the Bypass functionality. For more details about the Bypass functionality, see Section 1.2.1, Bypass Functionality.

    Note: Application Control Requires a License

    To fully use this functionality, a license must be installed that contains Application Control.

Interface Routing Table Membership

Due to the Bypass functionality in the NetWall 200R Series, interfaces G3 and G4 are members of a routing table called Bypass and are configured to act as a switch using a switchroute in this routing table. This ensures that the G3 and G4 interfaces behave the same way whether the unit is powered on or off.

Note: Changing Routing or Memberships for the G3 and G4 Interfaces

The administrator has full control over how the routing or interface memberships should be changed or modified from the default. However, be aware that doing so will alter the behavior of the G3 and G4 interfaces, making them behave differently depending on whether the unit is powered on or off.

Changing the Default Configuration

Note that there are no restrictions on how cOS Core is configured in the NetWall 200R Series product or how the Ethernet interfaces are used. The administrator is free to change or delete any of the default configuration components.