User manual

Network Setup

73

The intended usage of Guest connections is for connecting to a Guest network, i.e. an

untrusted LAN or wireless networks. Machines connected to the Guest network must

establish a VPN connection to the SG unit in order to access the LAN, DMZ or Internet.

By default, you can configure the SG’s DHCP server to hand out addresses on a Guest

network, and the SG’s VPN servers (IPSec, PPTP, etc.) to listen for connections from a

Guest network and establish VPNs. Aside from this, access to any LAN, DMZ or Internet

connections from the Guest network is blocked.

If you want to allow machines on a Guest network direct access to the Internet, LAN or

DMZ without first establishing a VPN connection, add packet filtering rules to allow

access to services on the LAN or Internet as desired. See the Packet Filtering section in

unauthorized use of your Internet connection for sending spam, other malicious or illegal

Machines on the Guest network typically have addresses in a private IP address range,

such as 192.168.2.0 / 255.255.255.0 or 10.2.0.0 / 255.255.0.0. For network address

translation (NAT) purposes, the Guest connection is considered a LAN interface, i.e. the

NAT checkboxes for LAN interfaces under Advanced modify settings for both LAN

connections and Guest connections. See the Network address translation section later in

this chapter for further information.

A Guest connection is established by selecting Direct Guest or Bridged Guest from the

Configuration pull down box of the network port to be connected to the Guest network.

Configuring a Guest connection

Select Direct Connection from the Configuration pull down box of the network port to

be connected to the Guest network. Enter appropriate IP address settings and select

Guest from Firewall Class pull down menu.