3.3.5. Interface Groups
If dial-on-demand is enabled, the PPPoE connection will only be up when there is traffic on the
PPPoE interface. It is possible to configure how the firewall should sense activity on the interface,
either on outgoing traffic, incoming traffic or both. Also configurable is the time to wait with no
activity before the tunnel is disconnected.
Example 3.12. Configuring a PPPoE client on the wan interface with traffic routed over
PPPoE.
CLI
gw-world:/> add Interface PPPoETunnel PPPoEClient EthernetInterface=wan
Web Interface
1.
Go to Interfaces > PPPoE > Add > PPoE Tunnel
2.
Then enter:
•
Name: PPPoEClient
•
Physical Interface: wan
•
Remote Network: all-nets (as we will route all traffic into the tunnel)
•
Service Name: Service name provided by the service provider
•
Username: Username provided by the service provider
•
Password: Password provided by the service provider
•
Confirm Password: Retype the password
•
Authentication You can specify exactly which authentication protocol to use. The default settings will be
used if not specified.
•
Enable dial-on-demand Disable
•
Advanced If "Add route for remote network" is enabled, a new route is added for the interface.
3.
Click OK.
3.3.5. Interface Groups
Multiple NetDefendOS interfaces can be grouped together to form an Interface Group. Such a logic-
al group can then be subject to common policies and be referred to using a group name in the IP
rule-set and User Authentication Rules.
A group can consist of regular Ethernet interfaces, VLAN interfaces, or VPN Tunnels and the mem-
bers of a group need not be of the same type. A group might consist, for instance, of two Ethernet
interfaces and four VLAN interfaces.
Example 3.13. Creating an Interface Group
CLI
gw-world:/> add Interface InterfaceGroup examplegroup Members=exampleif1,exampleif2
Network=all-nets Username=exampleuser Password=examplepw
Note
To provide a point-to-point connection over Ethernet, each PPP session must learn the
Ethernet address of the remote peer, as well as establish a unique session identifier.
PPPoE includes a discovery protocol that provides this.
45
Chapter 3. Fundamentals