Hostname

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search

The tab configures the hostname and related settings of the NG Firewall server.

Hostname

  • Hostname
    • This is the name given to the NG Firewall server, such as "NGFW", "firewall", and so on.
  • Domain
    • This is the domain name of the NG Firewall server. If your company uses "mycompany.com" you will likely want to use "mycompany.com"

The fully qualified domain name (FQDN) for the NG Firewall server is Hostname + Domain. So Hostname = "NGFW" and Domain = "mycompany.com" means the FQDN for NG Firewall is ngfw.mycompany.com. If you have publicly available services like VPN and/or spam quarantines you should make sure that ngfw.mycompany.com resolves in DNS to the/a public IP of the NG Firewall server.

Dynamic DNS Service Configuration

Several Dynamic DNS services are available to help those with dynamic public IPs. Some ISPs and areas only offer dynamic IPs which can be problematic for networks with remote users wanting to access services. You can not remote users access the server/network by the public IP because it can change at any time.

These services exists to automatically update the public DNS entry when your DHCP address changes. This allows you to refer remote users to a FQDN such as "firewall.mycompany.com" and then automatically update the DNS resolution of "firewall.mycompany.com" to your public IP when it changes.

  • Enabled
    • If enabled a Dynamic DNS server will be used to update DNS resolution of the FQDN
  • Service
    • The dropdown shows the supported services. Choose the service you wish to use.
  • Username
    • The username to use of the service.
  • Password
    • The password of the account of the service.
  • Hostname(s)
    • The hostname to update with NG Firewall's public IP address. Specify a single FQDN or multiple FQDNs separated by commas.

NOTE: The username/password is stored in the settings unhashed and sent to the provider unhashed.

Dynamic DNS Service FAQs

DNS-O-Matic is not updating my hostname with the new IP address. Why?

DNS-O-Matic configuration requires all.dnsomatic.com in the hostname field. More on this on the DNS-O-Matic wiki https://dnsomatic.com/wiki/ddclient


Public address configures what the public accessible address and URL is for the NG Firewall server.

In some cases, NG Firewall has services that should be externally accessible for the world. For example, Quarantine Digest emails are sent for Spam Blocker with a link to their Quarantine hosted on the NG Firewall server. In order for this link to work for users outside the local network the Public Address must be properly configured such that it sends the correctly globally accessible link.

Use IP address from External interface

If Use IP address from External interface is checked, the primary address of the first WAN interface will be used as the public address.

Example: If your WAN is configured statically as 1.2.3.4 and and the HTTPS port is configured to 443 in Services, then "https://1.2.3.4" will be used as the public address.

Example: If your WAN is configured dynamically and currently has an IP of 4.3.2.1 and and the HTTPS port is configured to 4343 in Services, then "https://4.3.2.1:4343" will be used as the public address.

This will work if your NG Firewall WAN interface has a static public IP configured.

This will not be correct if NG Firewall's WAN does not have a public IP configured, which is common if it is installed behind another router. It also may not work if NG Firewall's WAN to get an address dynamically (DHCP) because it will often change.

Use Hostname

If Use Hostname is checked, the configured hostname and domain name will be used as the public address.

Example: If your hostname is configured as "hostname" and your domain is "example.com" and the HTTPS port is configured to 443 in Services, the "https://hostname.example.com" will be used as the public address.

This is the suggested if you control your DNS server and can properly configure NG Firewall's hostname+domainname to lookup to the public IP of NG Firewall (or one that is port forwarded to NG Firewall). This is also ideal if you have a certificate installed such that no HTTPS certificate warning will be shown.

Use Manually Configured Address

If Use Manually Configured Address is checked the configured name and port will be used to generate the public address. IP/Hostname can be either a hostname or an IP address.

Example: If your IP/Hostname is configured as "ngfw.example.com" and the port is configured to 443, then "https://ngfw.example.com" will be used as the public address.

Example: If your IP/Hostname is configured as "1.2.3.4" and the port is configured to 4343, then "https://1.2.3.4:4343/" will be used as the public address.

This option is useful to manually configured the exact public address. It can be necessary if NG Firewall is behind another router. Just configured the IP of the public router in front of NG Firewall and an available port, and then port forward that IP/port from the public router to the HTTPS service on NG Firewall.