The port0 interface is configured to receive an IP address automatically from a DHCP server and assigned to the Management zone. The initial configuration is done via the administrator's web console connection via the port0 interface.
If it is not possible to assign an IP address to the Management interface automatically using DHCP, it can be set explicitly from the CLI (Command Line Interface). For more details on using the CLI, see the chapter Command Line Interface (CLI).
Other network interfaces are disabled and require further configuration.
To perform the initial configuration, follow these steps:
Name |
Description |
---|---|
Step 1. Connect to the management interface. |
When a DHCP Server Is Used Connect the port0 interface to the corporate network with a working DHCP server. Start NGFW. After booting, NGFW will display the IP address to connect to for subsequent product activation. Static IP address Start NGFW. Use the CLI to assign the desired IP address to the port0 interface. Perform initial setup via the CLI or connect to the NGFW web console at that IP address. The address string should look similar to this: https://NGFW_IP_address:8001. For more details on using the CLI, see the chapter Command Line Interface (CLI). |
Step 2. Select a language. |
Select the language that will be used for the rest of the initial configuration. |
Step 3. Set a password. |
Set a login name and a password to log in to the web management interface. |
Step 4. Configure zones, set IP addresses of the network interfaces, and connect UserGate to the corporate network. |
In the Interfaces section, enable the desired network interfaces, assign valid IP addresses that correspond to your networks, and bind the interfaces to the respective zones. For more details on network interface management, see the chapter Network Interface Configuration. The system is supplied with a number of predefined zones:
|
Step 5. Configure the Internet gateway. |
In the Gateways section, specify the IP address for the Internet gateway on an Internet-connected network interface in the Untrusted zone. For more details on configuring Internet gateways, see the Gateway Configuration chapter. |
Step 6. Specify the system DNS servers. |
In the DNS section, specify the IP addresses of your provider's or corporate DNS servers. For more details on DNS management, see the DNS Configuration chapter. |
Step 7. Set the server time. |
In the UserGate ➜ General settings ➜ Server time settings section, configure time synchronization with NTP servers. |
Step 8. Register NGFW. |
Enter the PIN code and complete the form to register the product. To activate the system, NGFW must have Internet access. For more details on product licensing, see the Licensing chapter. |
Step 9. Create NAT rules. |
In the NAT and Routing section, create the desired NAT rules. A NAT rule has already been created for Internet access for Trusted network users: NAT from Trusted to Untrusted. For more details on NAT rules, see the NAT and Routing chapter. |
Step 10. Create firewall rules. |
In the Firewall section, create the desired firewall rules. There is a predefined firewall rule Allow trusted to untrusted that allows unrestricted Internet access for the users in the Trusted network --- it only needs to be enabled. For more details on firewall rules, see the Firewall chapter. |
Step 11. (Optional) Create additional administrators. |
In the UserGate Administrators section, create additional system administrators and grant them the necessary rights (roles). |
Step 12. (Optional) Configure user authorization. |
In the Users and devices section, create the required user authorization methods. The simplest option is to create local NGFW users with explicitly set IP addresses or use the system without user authentication (specify the user Any in all rules). For other user authorization options, see Users and Devices chapter. |
Step 13. (Optional) Create content filtering rules. |
In the Content filtering section, create HTTP(S) filtering rules. For more details on filtering content, see the Content filtering chapter. |
Step 14. (Optional) Create safe browsing rules. |
In the Safe browsing section, create additional safe browsing rules. For more details on safe browsing, see the Safe Browsing chapter. |
Step 15. (Optional) Create SSL inspection rules. |
In the SSL inspection section, create rules for intercepting and decrypting HTTPS traffic. For more details on HTTPS decryption, see the SSL Inspection chapter. |
When the above steps are completed, NGFW is ready for use. For more detailed configuration, see the relevant chapters of this Guide.