- Login to your Simply Hosting Control Panel<\/a><\/li>
- Click on the VLAN<\/strong> menu item<\/li><\/ol>\n\n\n\n
![](\"https:\/\/portal.simplyhosting.com\/images\/attachments\/121800592\/image2017-6-14%2010-35-46.png\")
<\/p>\n\n\n\n- You will see one or more VLAN’s on the screen<\/li><\/ol>\n\n\n\n
![](\"https:\/\/portal.simplyhosting.com\/images\/attachments\/121800592\/image2017-6-14%2010-44-45.png\")
<\/p>\n\n\n\n- Click the Add Server<\/strong> button<\/li>
- In the succeeding popup, select the ID of your Firewall from the dropdown and click the Add<\/strong> button<\/li><\/ol>\n\n\n\n
![](\"https:\/\/portal.simplyhosting.com\/images\/attachments\/121800592\/image2017-6-14%2011-7-0.png\")
<\/p>\n\n\n\n- You should see a success notification like below.<\/li><\/ol>\n\n\n\n
![](\"https:\/\/portal.simplyhosting.com\/images\/attachments\/121800592\/image2017-6-14%2010-56-30.png\")
<\/p>\n\n\n\nNote:<\/strong> At extremely busy periods, it may take upto 3 hours for the Firewall to be added to the VLAN, but in most cases it should only take several minutes.<\/p><\/div>\n\n\n\n
- The process has completed when the server id changes from orange to black colour (You may need to refresh your page a few times)<\/li><\/ol>\n\n\n\n
![](\"https:\/\/portal.simplyhosting.com\/images\/attachments\/121800592\/image2017-6-14%2011-1-30.png\")
<\/p>\n\n\n\n
\n\n\n\nConfiguring your Firewall<\/h2>\n\n\n\n
There are two common ways of configuring the firewall. One is for the servers behind the firewall to use public facing IPs routed by the firewall and the other is to use NAT on the firewall and use RFC 1818 addresses on the servers.<\/p>\n\n\n\n
Configuring the Firewall Using Public IPs<\/h3>\n\n\n\n
This is perhaps the simplest configuration for the firewall and involves setting up an IP on the firewall to act as a router for the servers behind it. The downside is that it also requires several public IPs for it to work.<\/p>\n\n\n\n
You will need a block of at least 4 IPs for this configuration to work and a block of 8 ips if you need more than a single host behind the firewall. To get the public IPs you will need to raise a ticket to technical support who can assist you.<\/p>\n\n\n\n
For the following examples we will be using the ip range 192.0.0.0\/30 but please make sure that you use the public IPs that you have been allocated.<\/p>\n\n\n\n
- SSH into the firewall using the details provided and go into the configuration mode:<\/li><\/ol>\n\n\n\n
root@% cli<\/code>\nroot> configure<\/code>\nroot#<\/code><\/pre>\n\n\n\n- For this setup, all you will need to configure is the first usable<\/em> IP onto the VLAN interface. (note: please remember to use the VLAN tag that you have been provided. A different tag other than that allocated to you will not work, in the following example replace <vlantag> with the vlan tag number).<\/li><\/ol>\n\n\n\n
root# set interfaces irb unit <vlantag> family inet address 192.0.0.1\/30<\/code>\nroot# commit and-quit<\/code><\/pre>\n\n\n\n- The firewall configuration is now completed. Exit the unit. For the server to start routing the traffic though the firewall you will need to configure a vlan interface onto the server. Please refer to the documentation for configuring VLANs. The difference will be that instead of an RFC1818 address you should use the next usable public IP from your range. You will also need to adjust the default route of the server to use the IP that you setup on the firewall (192.0.0.1 in this example). You may need to restart the network stack or reboot the server for those changes to<\/li><\/ol>\n\n\n\n
Configuring the Firewall using NAT<\/h3>\n\n\n\n
Configuring the servers using NAT will require less resources in terms of public IPs but will require a little more setup on the firewall. For the following example we will use the RFC1818 range 10.10.10.0\/24<\/p>\n\n\n\n
- SSH to the firewall and go into configuration mode:<\/li><\/ol>\n\n\n\n
root@% cli<\/code>\nroot> configure<\/code>\nroot#<\/code><\/pre>\n\n\n\n- Add an IP onto the vlan interface to act as the gateway for the servers.<\/li><\/ol>\n\n\n\n
root# set interfaces irb unit <vlantag> family inet address 10.10.10.1\/24<\/code><\/pre>\n\n\n\n- Configure the firewall to enable NAT<\/li><\/ol>\n\n\n\n
root# set security nat source rule-set default<\/code>from zone trust<\/code>\nroot# set security nat source rule-set default<\/code>to zone untrust<\/code>\nroot# set security nat source rule-set default<\/code>rule match-all match source-address 0.0.0.0\/0<\/code>\nroot# set security nat source rule-set default<\/code>rule match-all match destination-address 0.0.0.0\/0<\/code>\nroot# set security nat source rule-set default<\/code>rule match-all then source-nat interface<\/code><\/pre>\n\n\n\n- For the server to start routing the traffic though the firewall you will need to configure a vlan interface onto the server. Please refer to the documentation for configuring VLANs. You will also need to configure the default gateway on the server to use the address that you gave to the firewall 10.10.10.1 in this example. You may need to restart the network stack or reboot the server for these changes to take effect.<\/li><\/ol>\n\n\n\n
- It is common to require port forwarding rules for a NAT configuration. The following is an example for mapping port 222 to port 22 of the server with the address 10.10.10.2<\/li><\/ol>\n\n\n\n
root# set security nat static<\/code>rule-set set1 from zone untrust<\/code>\nroot# set security nat static<\/code>rule-set set1 rule server1 match destination-address <firewall_ip>\/32<\/code>\nroot# set security nat static<\/code>rule-set set1 rule server1 match destination-port 222<\/code>\nroot# set security nat static<\/code>rule-set set1 rule server1 then static-nat prefix 10.10.10.2<\/code>\nroot# set security nat static<\/code>rule-set set1 rule server1<\/code><\/pre>\n\n\n\nInfo:<\/strong> If you encounter any problems setting up your firewall then please raise a Support Ticket with our 24\/7\/365 technical support team<\/p><\/div>\n\n\n\n
Get in touch<\/strong><\/h2>\n\n\n\n
If you need advice on your Fabric Firewall requirements, we\u2019re here to help.<\/p>\n\n\n\n
Call us on 0333 247 0222: <\/strong>Monday – Friday, 9am \u2013 5.30pm.<\/p>\n\n\n\n
Chat with<\/strong> us on LiveChat:<\/strong> Monday – Friday, 9am – 5.30pm.<\/p>\n\n\n\n
Write to us:<\/strong> Send us a support ticket from your Simply portal<\/a> and we\u2019ll get back to you as soon as we can. <\/p>\n\n\n\n
- It is common to require port forwarding rules for a NAT configuration. The following is an example for mapping port 222 to port 22 of the server with the address 10.10.10.2<\/li><\/ol>\n\n\n\n
- For the server to start routing the traffic though the firewall you will need to configure a vlan interface onto the server. Please refer to the documentation for configuring VLANs. You will also need to configure the default gateway on the server to use the address that you gave to the firewall 10.10.10.1 in this example. You may need to restart the network stack or reboot the server for these changes to take effect.<\/li><\/ol>\n\n\n\n
- Configure the firewall to enable NAT<\/li><\/ol>\n\n\n\n
- Add an IP onto the vlan interface to act as the gateway for the servers.<\/li><\/ol>\n\n\n\n
- SSH to the firewall and go into configuration mode:<\/li><\/ol>\n\n\n\n
- The firewall configuration is now completed. Exit the unit. For the server to start routing the traffic though the firewall you will need to configure a vlan interface onto the server. Please refer to the documentation for configuring VLANs. The difference will be that instead of an RFC1818 address you should use the next usable public IP from your range. You will also need to adjust the default route of the server to use the IP that you setup on the firewall (192.0.0.1 in this example). You may need to restart the network stack or reboot the server for those changes to<\/li><\/ol>\n\n\n\n
- For this setup, all you will need to configure is the first usable<\/em> IP onto the VLAN interface. (note: please remember to use the VLAN tag that you have been provided. A different tag other than that allocated to you will not work, in the following example replace <vlantag> with the vlan tag number).<\/li><\/ol>\n\n\n\n
- SSH into the firewall using the details provided and go into the configuration mode:<\/li><\/ol>\n\n\n\n
- The process has completed when the server id changes from orange to black colour (You may need to refresh your page a few times)<\/li><\/ol>\n\n\n\n
- In the succeeding popup, select the ID of your Firewall from the dropdown and click the Add<\/strong> button<\/li><\/ol>\n\n\n\n
- Click the Add Server<\/strong> button<\/li>
- Click on the VLAN<\/strong> menu item<\/li><\/ol>\n\n\n\n