12 WatchGuard System Manager
If you select the Dynamic Host Configuration Protocol (DHCP), the Firebox tells a DHCP server controlled
by your Internet Service Provider (ISP) to give the Firebox its IP address, gateway, and netmask. This server
can also give WINS and DNS server information for your Firebox. If it does not give you that information,
you must add it manually to your configuration. If necessary, you can change the WINS and DNS values
that your ISP gives you.
Point-to-Point Protocol over Ethernet (PPPoE) is also available. As with DHCP, the Firebox makes a PPPoE
protocol connection to the PPPoE server of your ISP. This connection automatically configures your IP
address, gateway, and netmask. But, PPPoE does not supply you with DNS and WINS server information
as DHCP does.
If you use PPPoE on the external interface, you must have the PPP user name and password when you
configure your network. The user name and password each have a 256-byte capacity.
When you configure the Firebox to receive dynamic IP addresses, the Firebox cannot use these functions
(for which a static IP address is necessary):
• High Availability (not available on Firebox 500)
• Drop-in mode (if you are using WFS appliance software)
• 1-to-1 NAT
• RUVPN with PPTP
If your ISP uses a DHCP or PPPoE connection to give out static IP address, the Firebox will allow
you to enable MUVPN and RUVPN with PPTP because the IP address is static.
External aliases and 1-to-1 NAT are not available when the Firebox is a PPPoE client.
Entering IP addresses
When you enter IP addresses in the Quick Setup Wizard or WSM dialog boxes, type the digits and periods
in the correct sequence. Do not use the TAB key, arrow key, spacebar, or mouse to put your cursor after
the periods. For example, if you type the IP address 172.16.1.10, do not type a space after you type “16.”
Do not try to put your cursor after the subsequent period to type “1.” Type a period directly after “16,”
and then type “1.10.” Push the slash (/) key to move to the netmask.
About slash notation
Use slash notation to enter the netmask. In slash notation, one number shows how many bits of the IP
address identify the network that the host is on. A netmask of 255.255.255.0 has a slash equivalent of
8+8+8=24. For example, an IP address 192.168.42.23/24 is equivalent to an IP address of 192.168.42.23
with a netmask of 255.255.255.0.
This table shows the network masks and their slash equivalents:
Network mask Slash equivalent