WFilter NGF can act as a gateway or network bridge.
- A network bridge can be deployed transparently with no changes to your existing network. Most features are available in bridge mode.
- In gateway deployment, all features are available, including VLAN, port forwarding, VPN... which are not available in bridge mode.
2 Gateway Deployment
Gateway deployment: WFilter NG Firewall acts as the gateway for local nework. Usually, your current gateway shall be replaced with WFilter NG Firewall. Network diagram:
- Protocol: PPPoE, DHCP, static IP.
- Peer DNS: Use the dynamic assigned DNS server in PPPoE and DHCP protocols. If disabled, use the DNS servers configured in "DNS" instead.
- MAC Clone: Modify the MAC address of this WAN interface.
- VLAN ID: Enable 802.1q VLAN in this WAN interface.
- You can have different subnet in every LAN interface. Or all LAN interfaces share a same subnet.
- Each LAN interface can have a DHCP service.
- When IP-MAC Binding is enabled, clients will always be assigned with the bound IP via DHCP service.
2.2.1 DHCP Options
- In default, DHCP gateway and dns server are all configured as WFilter's lan ip address.
- In case you need to modify the default DHCP options, the syntax is "DHCP code,Value"(one option per line). For examples:
- 3,192.168.1.1(default gateway)
- 6,22.214.171.124(default dns server)
3 Bridge Deployment
Bridge Deployment: Build network bridge(s) on certain interfaces. With bridge deployment, you can transparently deploy WFilter, without changing current network topology. Network diagram:
- Each bridge has one LAN interface and one WAN interface.
- You can build multiple bridges if needed.
- You can setup a management interface to access web UI.
- Management Interface:
- The management interface is for web UI access, web authentication UI access...
- IP, Mask: IP, Mask of the management interface.
- Gateway: Gateway of the mangement interface. WFilter needs a gateway to access interface to get updates.
- Subnet(s): local subnets to be managed. Syntax: 192.168.1.0/24, one subnet per line. "-" starts a subnet exception, for example: "-192.168.1.20/32".
You can build new bridges from "undefined interfaces". For new bridges, you only need to configure LAN & WAN interfaces.