advertisement
![Standard Ethernet Interface. Novell Security Manager Powered by Astaro | Manualzz Standard Ethernet Interface. Novell Security Manager Powered by Astaro | Manualzz](http://s1.manualzz.com/store/data/007137896_1-a17efecedb9e2e8f08b58a95e42a20ae-360x466.png)
Using Novell Security Manager
4.3.2.1. Standard Ethernet Interface
To configure a network card for a standard Ethernet connection to an internal or external network, you must configure the card with an IP address and netmask.
All network cards installed on Security Manager are shown in the
Hardware List.
Configuring a Standard Ethernet Connection:
1. In the Network tab, open the Interfaces menu.
2. Click on the New button.
The Add Interface window will open.
3. In the Name entry field, enter a descriptive name for the interface.
(example: Externally for an Internet connection)
4. Use the Hardware drop-down menu to select a network card.
Tip:
For an external connection (e.g., to the Internet) choose the card with
Sys ID eth1.
5. Use the drop-down menu Type to select Standard Ethernet
Interface.
Please note that one network card cannot be used as both a Standard
ethernet interface and a PPP over Ethernet (PPPoE-DSL) or
PPPTP over Ethernet (PPPoA-DSL) connection simultaneously.
6. Now make the specific settings for this interface type:
Address: If you wish to use a static IP address for this interface, select Static from the drop-down menu and enter the address to use in the entry field. If you wish to have a gateway dynamically assigned via DHCP, select Assign by DHCP from the drop-down menu.
Important Note:
If you wish to configure the Uplink Failover on Interface function, observe the description of this function while entering the network!
Netmask: If you wish to use a statically defined network mask for this interface, use the drop-down menu to select Static and enter the
97
Using Novell Security Manager netmask to use in the entry field. If you wish to have a netmask dynamically assigned via DHCP, select Assign by DHCP from the drop-down menu.
Default Gateway: If you wish to use a statically defined default gateway, use the drop-down menu to select Static and enter the address of the gateway in the entry field. If you wish to have a gateway dynamically assigned via DHCP, select Assign by DHCP from the drop-down menu. Otherwise, select None.
Proxy ARP: When this function is enabled, Novell Security Manager will answer ARP requests on the selected interface for all known networks. This system will thus act as a proxy on this interface for all of the other directly-connected networks.
This function is only required in special cases, for example when an attached network cannot be configured with normal routing entries
(e.g., when the network includes a router over which you have no control).
By default, the Proxy ARP function is disabled (Off). To enable it, select On from the drop-down menu.
Uplink Failover on Interface: This function will only displayed, if the parameter Assign by DHCP or Static has been selected in the
Default Gateway drop-down menu.
If a network card is an interface to the Internet (e.g., 2 Megabit fixed connection) you can configure a standby connection by a second
Internet access (e.g., DSL connection) and an additional network card.
If the primary connection fails, the uplink will automatically be set up through the backup Internet access. In order to monitor the connection, the Primary Interface sends four ping requests to the Uplink
Failover check IP every five seconds. Only if all four ping requests are not replied to, the Backup Interface is loaded.
When the Internet connection is established via the Backup Interface the ping requests are still sent by the Primary Interface. As soon as the Security Manager receives the corresponding reply packages to the ping requests again, the Internet connection is again established by the Primary Interface.
Important Note:
When the Uplink Failover on Interface function is used, two different networks must be defined on the Primary and Backup Inter-
face. Therefore you need two separate Internet accesses next to the additional network card.
Uplink Failover on Interface is by default disabled (Off). If you wish to use this network card as primary Internet connection, then configure it in the Primary Interface drop-down menu. If this net-
98
Using Novell Security Manager work card shall contain the standby connection, select the setting
Backup Interface.
Uplink Failover check IP: This entry field will be displayed if the
Primary Interface setting has been selected for the Uplink Failover
on Interface function. Enter the IP address of a host here, which replies to the ICMP Ping requests and which, in addition to that, is always reachable! Novell Security Manager will send ping requests to this host: if no answer is received, the backup interface will be enabled by the failover. In this entry field, there must always be an IP address for the failover!
Monitor Interface Usage: This function monitors the bandwidth on the interface. Once, the bandwidth falls short of or exceeds a specific value, a notification e-mail will be sent to the administrator.
The maximum available bandwidth must be entered for the Monitor
Interface Usage function into the Uplink Bandwidth (kbits) and
Downlink Bandwidth (kbits) entry fields. The notification e-mail to the administrator will be sent, as soon as the actually available bandwidth falls off or exceeds a predefined limit value. The limit values are configured with the Notify drop-down menus.
The settings will only be displayed once the Monitor Interface Usage function is enabled (On).
QoS Status: In order to use Quality of Service (QoS) bandwidth management on an interface, enable this option. To enable the
Quality of Service (QoS) function, select On from the drop-down menu.
Important Note:
For the bandwidth management Quality of Service (QoS) you must define the values for Uplink Bandwidth (kbits) and Downlink
Bandwidth (kbits). These values are used as basis for the bandwidth management system: incorrect values can lead to poor management of the data flow. The Quality of Service (QoS) function is described in chapter 4.5.1.
Uplink Bandwidth (kbits): This setting will only appear, if the QoS or Monitor Interface Usage function is enabled. In this entry menu, enter the available bandwidth for the Uplink in full kilobits. This value can be determined either from the values of the upstream interface or from the router. On an interface to the Internet, this value corresponds to the bandwidth of the Internet connection - on an ADSL access the Uplink bandwidth amounts to 128 kBit/s and on a 2-
Megabit fixed connection to 2048 kBit/s.
Downlink Bandwidth (kbits): This setting will only appear, if the
QoS or Monitor Interface Usage function is enabled. In this entry menu, enter the available bandwidth for the Downlink in full kilobits.
99
Using Novell Security Manager
On an interface to the Internet, this value corresponds to the bandwidth of the Internet connection - on an ADSL access the Downlink bandwidth amounts to 768 kBit/s and on a 2-Megabit fixed connection to 2048 kBit/s.
Notify when uplink usage below (%): This setting will only be displayed, when the Monitor Interface Usage function is enabled.
Use the drop-down menu to configure the lower threshold for the uplink.
Notify when uplink usage exceeds (%): This setting will only be displayed, when the Monitor Interface Usage function is enabled.
Use the drop-down menu to configure the upper threshold for the uplink.
Notify when downlink usage below (%): This setting will only be displayed, when the Monitor Interface Usage function is enabled.
Use the drop-down menu to configure the lower threshold for the downlink.
Notify when downlink usage exceeds (%): This setting will only be displayed, when the Monitor Interface Usage function is enabled. Use the drop-down menu to configure the upper value for the downlink.
MTU Size: The MTU is the size (in bytes) of the largest transmittable packet. MTU stands for Maximum Transfer Unit. For connections, using the TCP/IP protocol, the data will be grouped into packets. A maximum size will be defined for these packets. Packets larger than this value will be considered too long for the connection and fragmented into smaller ones before transmission. These data packets will be sent again. However, the performance can be limited, if the upper value is too low.
The largest possible MTU for an Ethernet interface is 1500 Bytes.
The following value is the default for the Standard Ethernet
Interface: 1500 Byte.
7. Confirm these settings by clicking Add.
The system will now check the address and network mask for semantic validity. After a successful check, the new interface will appear in the Current Interface Status table. The interface is not yet enabled (status light is red).
8. Enable the interface by clicking the status light.
The interface is now enabled (status light shows green). The Oper column will at first show that the interface is Down: the system requires a short time to configure and load the settings.
100
advertisement
Related manuals
advertisement
Table of contents
- 9 Introduction to the Technology
- 15 Installation
- 16 System Requirements
- 18 Installation Instructions
- 18 Software Installation
- 22 Configuring Security Manager
- 27 WebAdmin
- 27 Info Box
- 27 Tab List
- 28 Menus
- 28 The Status Light
- 28 Selection Field
- 29 The Selection Table
- 30 Drop-down Menus
- 30 Lists
- 31 Online Help
- 31 Refresh
- 32 Using Novell Security Manager
- 34 Basic Settings (System)
- 34 Settings
- 38 Licensing
- 40 Up2Date Service
- 45 Backup
- 51 Remote Syslog Server
- 52 User Authentication
- 53 Novell eDirectory
- 55 RADIUS
- 58 SAM – NT/2000/XP
- 60 Active Directory/NT Domain Membership
- 62 LDAP Server
- 71 WebAdmin Settings
- 72 WebAdmin Site Certificate
- 74 High Availability
- 79 Shut down/Restart
- 80 Networks and Services (Definitions)
- 80 Networks
- 85 Services
- 88 Users
- 90 Time Events
- 92 Network Settings (Network)
- 92 Hostname/DynDNS
- 93 Interfaces
- 97 Standard Ethernet Interface
- 101 Additional Address on Ethernet Interface
- 103 Virtual LAN
- 107 PPPoE-DSL Connection
- 111 PPTPoE/PPPoA-DSL Connections
- 115 PPP over Serial Modem Line
- 119 Bridging
- 120 Routing
- 123 NAT/Masquerading
- 126 Masquerading
- 127 Load Balancing
- 128 DHCP Service
- 133 PPTP VPN Access
- 138 Accounting
- 139 Ping Check
- 140 Intrusion Protection
- 140 Settings
- 141 Rules
- 144 Portscan Detection
- 146 DoS/Flood Protection
- 150 Advanced
- 152 Packet Filter
- 152 Rules
- 163 Advanced
- 167 Application Gateways (Proxies)
- 174 Content Filter (Surf Protection)
- 196 Content Filter
- 199 Spam Protection
- 206 Content Filter
- 212 SOCKS
- 214 Ident
- 215 Proxy Content Manager
- 220 Virtual Private Networks (IPSec VPN)
- 226 Connections
- 232 Policies
- 235 Local Keys
- 237 Remote Keys
- 240 L2TP over IPSec
- 241 CA Management
- 244 Advanced
- 247 System Management (Reporting)
- 247 Administration
- 248 Virus
- 248 Hardware
- 249 Network
- 249 Packet Filter
- 249 Content Filter
- 250 PPTP/IPSec VPN
- 250 Intrusion Protection
- 250 HTTP Proxy Usage
- 250 Executive Report
- 251 Accounting
- 252 System Information
- 254 Remote Management (Remote Management)
- 254 Report Manager (RM)
- 257 Local Logs (Log Files)
- 257 Settings
- 260 Local Log File Query
- 261 Browse
- 264 Log Files
- 267 Error Codes
- 276 HTTP Proxy Messages
- 278 Online Help
- 279 Exiting Novell Security Manager
- 280 Glossary
- 285 Index