Configuring the Network Interface

Neither the Deployment Mode option nor the Configure button is available on the Management Appliance, as deployment modes are not relevant.

Use the Configuration > Network > Network Interface page to configure your appliance's IP address and to configure access to your network's DNS servers.

Note
The appliance uses 172.24.24.173 as the network address to access its initial configuration. This may cause routing conflicts if your local network also uses addresses in the range of 172.24.24.0-255. Contact Sophos Technical Support for a solution if this applies to your deployment.
Important
If WCCP is enabled (on the Configuration > Network > WCCP page), all network settings on the Network Interface page, except Specify the DNS servers, will be disabled until you turn off Web Cache Communication Protocol integration.
  1. Select either DHCP or Static IP.

    If you choose the DHCP option, the Obtain DNS servers automatically option button is selected by default. DHCP is not recommended for a production environment, as the IP address can unexpectedly change, disrupting your users.

    If you choose the Static IP option, you must also fill in the following text boxes:

    • Enter the IP Address for the appliance.
    • Enter the Network Mask. The network mask defines the range of addresses that the appliance can connect to directly. IP addresses outside of this range are reached via the Default Gateway.
    • Enter the IP address of your network's Default Gateway.
    • [Optional] From the Deployment Mode drop-down list, select the mode that you want to use. The options are:
      • Explicit proxy: Select this option if you have elected to use the explicit network deployment.
      • Transparent: Select this option if you have elected to use the transparent network deployment.
      • Bridged (inline): Select this option if you have elected to use the bridged network deployment. This option is not available if no bridge card is installed in your appliance.

      See "Network Deployment" for a description of each of these and other deployment types.

    • If you chose the Bridged (inline) option in the previous step, you can click Configure beside the Deployment Mode option to create a list of IP addresses or IP ranges to exempt from appliance handling. These IP addresses will be exempt from all Web Appliance filtering, including virus scanning.
    • In the Bridged Mode Configuration dialog box, enter the IP address or IP range in CIDR format in the text box, select IP Address or IP Range from the drop-down list as is appropriate for the entry, and click Add. Click OK when you have added all the IP addresses or ranges that you want in the list.
      Important
      The Web Appliance will interpret any dotted quad followed by a slash and a number less than 33 as a CIDR range. This creates the possibility that a URL entered as an IP address followed by a numbered directory from 0 to 32 would be improperly treated as a CIDR range. To avoid this possibility, always enter URLs to numbered directories using fully qualified domain names rather than IP addresses.
    • [Optional] To configure Additional IP routes, IP Address to hostname map, or TCP listening ports, click Advanced Settings (see Configuring Advanced Settings).
  2. Auto is the default Speed and duplex setting. In certain cases, the appliance may not be able to connect to your network while Auto is selected; if so, you must manually set these options from the Speed and duplex drop-down list.

    This option is always available, whether you are using DHCP or static IP, or the Explicit, Bridged, or Transparent deployment modes.

  3. Select Obtain DNS servers automatically or Specify the DNS servers to set which method the appliance will use to obtain your DNS servers' IP addresses.
    If you selected the Specify the DNS servers option, enter the IP addresses of your network's DNS servers in priority order (Primary through Tertiary). When you specify more than one DNS server:
    • If the primary DNS server becomes unresponsive, the appliance will continually attempt to send requests to the primary DNS server. If a timeout occurs before the primary DNS server becomes available again, the appliance will send queries to the secondary DNS server.
    • If the primary DNS server rejects queries, the appliance will immediately send queries to the secondary DNS server.
    Similar behavior will apply if your secondary DNS server also becomes unresponsive or rejects queries, and you have specified a tertiary DNS server.
    Note
    Even if you have an upstream proxy (a proxy between the Web Appliance and the internet) configured, you still need to configure the Web Appliance with access to your organization's DNS server.
  4. Click Apply.
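
Added example (not part of the Sophos documentation): a Python pre-check of planned values before they are entered on this page. It covers the 172.24.24.0-255 conflict, the gateway and network mask relationship, the size of each bridged-mode exemption, and the CIDR interpretation rule described above. Function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Range the page says the appliance uses to reach its initial configuration.
INITIAL_CONFIG_NET = ipaddress.ip_network("172.24.24.0/24")

def reads_as_cidr(entry):
    """Page's rule: a dotted quad, a slash, and a number less than 33."""
    host, sep, suffix = entry.strip().partition("/")
    if not sep or not (suffix.isascii() and suffix.isdigit()) or int(suffix) >= 33:
        return False
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        return False
    return True

def check_static_settings(ip, mask, gateway):
    """Return warnings for a planned IP Address / Network Mask / Default Gateway."""
    network = ipaddress.ip_interface(f"{ip}/{mask}").network
    warnings = []
    if ipaddress.ip_address(gateway) not in network:
        warnings.append("default gateway is not directly reachable with this mask")
    if network.overlaps(INITIAL_CONFIG_NET):
        warnings.append("local network overlaps 172.24.24.0-255")
    return warnings

def exemption_sizes(entries):
    """Map each planned exemption entry to the number of addresses it would
    remove from filtering and virus scanning (0 = not a valid address or range)."""
    sizes = {}
    for entry in entries:
        try:
            # strict=False masks off host bits; this is Python's reading of the range.
            net = ipaddress.IPv4Network(entry.strip(), strict=False)
            sizes[entry] = net.num_addresses
        except ValueError:
            sizes[entry] = 0
    return sizes

if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    print(check_static_settings("192.0.2.10", "255.255.255.0", "192.0.2.1"))
    print(check_static_settings("172.24.24.50", "255.255.255.0", "172.24.24.1"))
    print(exemption_sizes(["192.0.2.10", "192.0.2.0/24", "192.0.2.7/33"]))
    # An IP-address URL to a directory named "24" matches the CIDR rule too.
    print(reads_as_cidr("192.0.2.10/24"), reads_as_cidr("intranet.example.com/24"))
```

Review any exemption entry with a large address count before adding it, since every address in the range bypasses all Web Appliance filtering.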

If your appliance is a Virtual Web Appliance or a Virtual Management Appliance, there is the option to Re-register a cloned virtual appliance. If you clone a virtual appliance, each cloned instance must be re-registered before you can use it in live production mode.