USG110 behind FreeBox modem
For many years, we have used a Zywall 5 with its multiple LAN outputs behind a FreeBox (Illiad) modem in France. We need to use this modem to benefit from the ISP (Free.fr) VOIP phone facility.
I would like to replace the outmoded ZyWall 5 with a USG110, but as yet not clear how to obtain the 'bridge' function.
Could someone advise me, or direct me to a guide, please.
Regards Jeff
Best Answers
-
Hi Jeff,
You want USG run as a transparent(bridge) firewall behind the FreeBox ?
Here some questions,
- How will you manage the USG ? from LAN side or WAN side or both ?
- Do you want to manage the access(firewall rule) between LAN ports or just between WAN & LAN ?
5 -
The bridge configuration is at “CONFIGURATION > Network > Interface > Bridge”.
Click “Add” to create a bridge interface, and select interface you want to bridge.
BTW, as mentioned by zyman2008, device management need to be considered.
1 -
Hi Zyman! Thank you for your interest in setting up my USG110. As I said, I have used a Zywall 5 successfully for 5 years or more, simply set in 'bridge' mode. The device is managed both locally (LAN) and from UK using site-to-site Ipsec connection and local IP address. I have been given an unused USG110 and keen to replace the ZyWall 5. I would use 4 ports as LAN1 to connect my internal network, and bridge the modem to them. A walk-through advice would be very much appreciated.
(I have previously benefited from your contributions on the 'old' forum, setting up my uk base SBG3300 !).
regards jeff
Jeff J Purcell, New Forest, Uk and France, 442900 -
Here I list more detail steps, FYI.
Assume the admin's laptop is connect to Port 4 to change settings
1.Change ports to LAN side
On GUI, Network > Interface > Port Role, select P3 to P7 as lan1 ports.
2.Add firewall rules to allow WAN side to access LAN side
Note: This step is very important. Otherwise the LAN clients cannot DHCP IP address from FreeBox after you create the bridge interface.
On GUI, Security Policy > Policy Control, add a new rule on the top (as the first rule)
3.Change firewall rule to allow device management from WAN side
On GUI, Object > Service > Service Group, edit "Default_Allow_WAN_To_ZyWALL" service group object. Usually, I'll add PING, HTTPS, SSH_TCP for remote management.
4.Create bridge interface
On GUI, Network > Interface > Bridge, add new interface
(1)Recommend to select "WAN" as the Zone.
(2)Add "wan1" & "lan1" interface into the bridge member.
wan1(Port 1) as uplink to Freebox, and lan1(Port 3-7) as LAN side.
(3)Assign IP address to bridge for management
You can assign a static IP address or Get Automatically(DHCP) from the FreeBox
4.Reconnect your laptop to get IP address from FreeBox
Once you create the bridge interface, your laptop will lose connect immediately. (Since the original IP address is get from USG)
You need to unplug & plug the Ethernet cable to get new IP address from FreeBox.
1
All Replies
-
Hi Jeff,
You want USG run as a transparent(bridge) firewall behind the FreeBox ?
Here some questions,
- How will you manage the USG ? from LAN side or WAN side or both ?
- Do you want to manage the access(firewall rule) between LAN ports or just between WAN & LAN ?
5 -
The bridge configuration is at “CONFIGURATION > Network > Interface > Bridge”.
Click “Add” to create a bridge interface, and select interface you want to bridge.
BTW, as mentioned by zyman2008, device management need to be considered.
1 -
Hi Zyman! Thank you for your interest in setting up my USG110. As I said, I have used a Zywall 5 successfully for 5 years or more, simply set in 'bridge' mode. The device is managed both locally (LAN) and from UK using site-to-site Ipsec connection and local IP address. I have been given an unused USG110 and keen to replace the ZyWall 5. I would use 4 ports as LAN1 to connect my internal network, and bridge the modem to them. A walk-through advice would be very much appreciated.
(I have previously benefited from your contributions on the 'old' forum, setting up my uk base SBG3300 !).
regards jeff
Jeff J Purcell, New Forest, Uk and France, 442900 -
Here I list more detail steps, FYI.
Assume the admin's laptop is connect to Port 4 to change settings
1.Change ports to LAN side
On GUI, Network > Interface > Port Role, select P3 to P7 as lan1 ports.
2.Add firewall rules to allow WAN side to access LAN side
Note: This step is very important. Otherwise the LAN clients cannot DHCP IP address from FreeBox after you create the bridge interface.
On GUI, Security Policy > Policy Control, add a new rule on the top (as the first rule)
3.Change firewall rule to allow device management from WAN side
On GUI, Object > Service > Service Group, edit "Default_Allow_WAN_To_ZyWALL" service group object. Usually, I'll add PING, HTTPS, SSH_TCP for remote management.
4.Create bridge interface
On GUI, Network > Interface > Bridge, add new interface
(1)Recommend to select "WAN" as the Zone.
(2)Add "wan1" & "lan1" interface into the bridge member.
wan1(Port 1) as uplink to Freebox, and lan1(Port 3-7) as LAN side.
(3)Assign IP address to bridge for management
You can assign a static IP address or Get Automatically(DHCP) from the FreeBox
4.Reconnect your laptop to get IP address from FreeBox
Once you create the bridge interface, your laptop will lose connect immediately. (Since the original IP address is get from USG)
You need to unplug & plug the Ethernet cable to get new IP address from FreeBox.
1 -
Zyman! Thank you so much for your very detailed explanations. Absolutely perfect for my needs.
I shall set up the USG here (UK) before my next visit to France later and will implement your suggestions. I'm sure all will be well!
I'm very appreciative of your detailed guidance. Regards jeff
Jeff J Purcell, New Forest, Uk and France, 442901
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight