10 WatchGuard System Manager
In a routed configuration, you install the Firebox with different logical networks and network addresses
on each of its interfaces. The public servers behind the Firebox use private IP addresses. The Firebox uses
network address translation (NAT) to route traffic from the external network to the public servers.
The requirements for a routed configuration are:
• All interfaces of the Firebox must be on different logical networks. The minimum configuration
includes the external and trusted interfaces. You can also configure one or more optional
• All computers behind the trusted and optional interfaces must have an IP address from that
network. For example, a computer on a trusted interface in the previous figure could have an IP
address of 10.10.10.200 but not 192.168.10.200, which is on the optional interface.
With a drop-in configuration, the Firebox uses the same network for all of its interfaces. You must config-
ure all of the interfaces. When you install the Firebox between the router and the LAN, it is not necessary
to change the configuration of the local computers. The public servers behind the Firebox continue to use
public IP addresses. The Firebox does not use network address translation to route traffic from the exter-
nal to your public servers.
The properties of a drop-in configuration are: