About interface connections
An interface can refer to both a software interface, such as a virtual local area network (VLAN) and a physical network interface card (NIC). Within the Smoothwall Filter and Firewall, when we refer to an interface, typically we mean a software interface. NICs have roles to determine their function.
When you add a new NIC to your Smoothwall Filter and Firewall hardware appliance, these are configured as a BASIC interface automatically. You must add and configure additional interfaces for internet connections, connections from internal devices for web filtering purposes. The configuration that was entered for the NIC during the installation gives access to the Smoothwall Filter and Firewall administration user interface.
An external connection doesn't refer to those connections that use a Point-to-Point Protocol over Ethernet (PPPoE) interface. Internet connections are made through the NIC configured with an external role. You can configure this with a static IP address or with one set by your Internet service provider's (ISP) Dynamic Host Configuration Protocol (DHCP) server that automatically provides and assigns IP addresses, default gateways and other network parameters.
You can't delete an external connection because this is typically a port on the Smoothwall Filter and Firewall hardware appliance. To remove an external interface, you need to delete the IP addresses allocated to the interface. If multiple external connections are configured on the Smoothwall Filter and Firewall hardware appliance, it balances traffic going externally, according to weighting, across all functioning connections. This way, a failed connection shouldn't have any noticeable impact on the network devices.
You can monitor the status of all external connections set up on your Smoothwall Filter and Firewall hardware appliance, using the Dashboard.
You can turn on bypass ports on your Smoothwall Filter and Firewall hardware appliance to make sure that when the it fails that network access is still available, even though content will be unfiltered. However, you can only turn on bypass ports if you're using a Smoothwall Filter and Firewall hardware appliance.
It's worth being aware that you can now add more than twenty interfaces in the Smoothwall Filter and Firewall. However, you need to update to the Leeds-20 release, reboot, and then update to the latest release. This is because of a fix within the Leeds-20 release.
Bonded Interfaces
Network interface card (NIC) bonding involves combining the cards in parallel to provide high availability and redundancy, should one of the links fail. You can bind two or more NICs into a single bond. Before adding the bonded interfaces, you must first create the parent bonded interface. A bridge member interface can also be used as a bonded interface.
Virtual Local Area Networks
You can create a Virtual Local Area Network (VLAN) to isolate resources, like creating network zones. You can create VLAN interfaces, and associate multiple VLANs to a NIC of any role. Each VLAN is treated by the Smoothwall Filter and Firewall as an isolated network zone. The “parent” VLAN interface must exist before additional VLAN interfaces can be associated with it. A bridge member interface can also be used as a VLAN interface.
Transparent bridges
You can deploy the Smoothwall Filter and Firewall in-line using two or more NICs to create a transparent bridge so that the Smoothwall Filter and Firewall can filter and perform a Deep Packet Inspection on web content. You must first create the “parent” bridge interface, before adding the bridge member interfaces.
IP addresses
Typically, when you install the Smoothwall Filter and Firewall, you assign an IP address to the interface. You can assign additional IP addresses to an interface, for example:
- Extra static IP address, for later use.
- An IP address, set by DHCP, to an interface with a static IP address already assigned.
- An IP address alias to a PPPoE interface. For a detailed description of how to add an IP address alias to a PPPoE interface.