WatchGuard x1000 用户指南
Selecting a Firewall Configuration Mode
User Guide
31
address space across the Firebox interfaces, you can “drop”
the Firebox between the router and the LAN without
reconfiguring any local machines. Public servers behind
the Firebox use public addresses, and traffic is routed
through the Firebox with no network address translation.
the Firebox between the router and the LAN without
reconfiguring any local machines. Public servers behind
the Firebox use public addresses, and traffic is routed
through the Firebox with no network address translation.
Characteristics of a drop-in configuration:
•
•
A single network that is not subdivided into smaller
networks or subnetted.
networks or subnetted.
•
The Firebox performs proxy ARP, a technique in which
one host answers Address Resolution Protocol requests
for machines behind that Firebox that cannot hear the
broadcasts. The trusted interface ARP address replaces
the router’s ARP address.
one host answers Address Resolution Protocol requests
for machines behind that Firebox that cannot hear the
broadcasts. The trusted interface ARP address replaces
the router’s ARP address.
•
The Firebox can be placed in a network without
changing default gateways on the trusted hosts. This is
because the Firebox answers for the router, even
though the router cannot hear the trusted host’s ARP
requests.
changing default gateways on the trusted hosts. This is
because the Firebox answers for the router, even
though the router cannot hear the trusted host’s ARP
requests.