1

The Network Menu

2

The Network Menu

Static Routing

The Static Routing functionality within GD eSeries allows users to easily configure static routes to networks not managed by the appliance.

Keep in mind that the networks defined in (i.e. managed by) the GD eSeries don’t need static routes in order to communicate properly (including remote VPN networks). The GD will automatically build the routes for all GD hosted networks.

3

The Network Menu

Static Routing example

4

The Network Menu

Static Routing example

Source Network: The source network, in CIDR notation. Destination Network: The destination network, in CIDR notation. Route Via: Four options are available to define through where should the traffic be channeled: Static Gateway, Uplink, OpenVPN User, or L2TP User. In case “Static Gateway” is selected, the IP address of a gateway should be provided in the text box on the right. Otherwise, a drop-down will appear, proposing the choice among the available uplinks, OpenVPN users, or L2TP users. Enabled: A ticked checkbox means that the rule is enabled (default). If unchecked, then the rule is only created but not activated: It can always be enabled later. Remark: A remark or comment to explain the purpose of the rule.

5

The Network Menu

Interfaces

GD eSeries supports various types of uplinks, or WAN devices, including ethernet (static or DHCP), PPPOE, ISDN, PPTP, ADSL, UMTS CDMA or HSDPA modems. You can have multiple uplinks connected to a GD eSeries device as long as you have enough physical ports to accommodate all of your internal and external interfaces. By using multiple uplinks, you can create WAN failover policies that allow you to use an alternate uplink connection in case your primary connection goes offline.

6

The Network Menu

Multiple Uplinks example

7

The Network Menu

Create New Uplink (WAN)

Type: Choose the uplink type to unveil the corresponding additional required configuration settings.

Uplink is enabled: Tick this checkbox to enable the uplink.

Start uplink on boot: This checkbox specifies whether an uplink should be enabled at boot time or not. This option could be useful for a backup uplink that you don’t want to start during the boot procedure.

Uplink is managed: Tick this checkbox for the uplink to be managed (i.e. monitored and restarted if needed).

If this uplink fails activate…: If enabled, an alternative connection can be chosen from a drop-down menu, which will be activated when this uplink fails.

Check if these hosts are reachable: Tick this option to enter a list of IP or hostnames that will be pinged when the uplink fails, as to check if it is unavailable or has reconnected.

8

The Network Menu

Create New Uplink (WAN)In the advanced settings

panel, two additional options can be customized:

Reconnection timeout: The time interval (in seconds) after which an uplink tries to reconnect if it fails. This value depends on the provider’s settings. If unsure, leave this field empty. MTU: A custom value for the MTU size.

9

The Network Menu

Policy Routing

The Policy Routing feature of eSeries provides a more granular and dynamic ability to create policy routes based on any number of criteria (IP, MAC, port, etc.). The most common use of this feature is to “split” internal traffic across multiple external (Internet) connections.

In addition, when setting up policy routes across internet connections, the eSeries can automatically failover from one link to another. In the event an uplink going down, GD eSeries will automatically re-route the specified policies to the backup uplink, if so desired, to prevent any unnecessary downtime.

10

The Network Menu

Multiple Uplinks & Policy Routing Example

11

The Network Menu

Multiple Uplinks & Policy Routing Example

Source: It allows to choose the source networks. Several entries, one per line, are accepted, but all must belong to the same type: a zone/interface, OpenVPN/L2TP user(s), Ips/networks, or MAC addresses. To apply the rule to all sources, select <ANY>.

Destination: It allows the choice of the destination networks, in form of a list of IPs, networks, OpenVPN or L2TP users. Again, by selecting <ANY> the rule will match every destination.

Service/Port: The next two drop-down menus allow to specify the service, protocol, and a destination port for the rule when the TCP, UDP, or TCP+UDP protocols are selected. Some predefined combinations service/protocol/port exist.

User defined: Allows you to specify a custom protocol and the ports to block, an option that proves useful when running services on ports different from the standard ones.

12

The Network Menu

Multiple Uplinks & Policy Routing Example

Route Via: The uplink that should be used for this rule. If the uplink becomes unavailable, there is the option for the routing be carried over to the backup link corresponding to the selected uplink.

Type of Service: The type of service (TOS) can be chosen here, if its implementation is required.

Remark: A remark or comment to explain the purpose of this rule.

Position: The position in which to insert the rule, i.e., the relative position in the list of rules.

Enabled: Tick this checkbox to enable the rule (default). If unchecked, the rule is created but not active – it can be enabled later.

Log all accepted packets: This checkbox must be ticked to log all the packets affected by this rule.

13

The Network Menu

Policy Route – Orange Zone

14

The Network Menu

Policy Route – Green Zone

15

The Network Menu

Policy Route Example