Hostname: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
(3 intermediate revisions by 2 users not shown)
Line 2: Line 2:
<span style="display:none" class="helpSource administration_public_address">Public_Address</span>
<span style="display:none" class="helpSource administration_public_address">Public_Address</span>


= Hostname =
The tab configures the hostname and related settings of the NG Firewall server.


The tab configures the hostname and related settings of the Untangle server.
{{TriScreenshot|config|network|hostname}}


== Hostname ==
== Hostname ==


* Hostname
* Hostname
** This is the name given to the untangle server, such as "untangle", "myuntangle", "firewall", etc.
** This is the name given to the NG Firewall server, such as "NGFW", "firewall", and so on.
* Domain
* Domain
** This is the domain name of the untangle server. If your company uses "mycompany.com" you will likely want to use "mycompany.com"
** This is the domain name of the NG Firewall server. If your company uses "mycompany.com" you will likely want to use "mycompany.com"


The fully qualified domain name (FQDN) for the Untangle server is ''Hostname'' + ''Domain''.
The fully qualified domain name (FQDN) for the NG Firewall server is ''Hostname'' + ''Domain''.
So Hostname = "untangle" and Domain = "mycompany.com" means the FQDN for Untangle is ''untangle.mycompany.com''. If you have publicly available services like VPN and/or spam quarantines you should make sure that untangle.mycompany.com resolves in DNS to the/a public IP of the Untangle server.
So Hostname = "NGFW" and Domain = "mycompany.com" means the FQDN for NG Firewall is ''ngfw.mycompany.com''. If you have publicly available services like VPN and/or spam quarantines you should make sure that ngfw.mycompany.com resolves in DNS to the/a public IP of the NG Firewall server.


== Dynamic DNS Service Configuration ==
== Dynamic DNS Service Configuration ==
Line 31: Line 31:
** The password of the account of the service.
** The password of the account of the service.
* Hostname(s)
* Hostname(s)
** The hostname to update with Untangle's public IP address. Specify a single FQDN or multiple FQDNs separated by commas.
** The hostname to update with NG Firewall's public IP address. Specify a single FQDN or multiple FQDNs separated by commas.
 
''NOTE:'' The username/password is stored in the settings unhashed and sent to the provider unhashed.


= Dynamic DNS Service FAQs =
= Dynamic DNS Service FAQs =
Line 42: Line 44:
<span style="display:none" class="helpSource administration_public_address">Public_Address</span>
<span style="display:none" class="helpSource administration_public_address">Public_Address</span>


== Public Address Configuration ==
Public address configures what the public accessible address and URL is for the NG Firewall server.
 
Public address configures what the public accessible address and URL is for the Untangle Server.


In some cases, Untangle has services that should be externally accessible for the world. For example, Quarantine Digest emails are sent for [[Spam Blocker]] with a link to their Quarantine hosted on the Untangle server. In order for this link to work for users outside the local network the ''Public Address'' must be properly configured such that it sends the correctly globally accessible link.
In some cases, NG Firewall has services that should be externally accessible for the world. For example, Quarantine Digest emails are sent for [[Spam Blocker]] with a link to their Quarantine hosted on the NG Firewall server. In order for this link to work for users outside the local network the ''Public Address'' must be properly configured such that it sends the correctly globally accessible link.


=== Use IP address from External interface ===
=== Use IP address from External interface ===
Line 56: Line 56:
<blockquote>''Example:'' If your WAN is configured dynamically and currently has an IP of 4.3.2.1 and and the HTTPS port is configured to 4343 in [[Services]], then "https://4.3.2.1:4343" will be used as the public address.</blockquote>
<blockquote>''Example:'' If your WAN is configured dynamically and currently has an IP of 4.3.2.1 and and the HTTPS port is configured to 4343 in [[Services]], then "https://4.3.2.1:4343" will be used as the public address.</blockquote>


This will work if you Untangle WAN interface has a static public IP configured.
This will work if your NG Firewall WAN interface has a static public IP configured.


This will not be correct if Untangle's WAN does not have a public IP configured, which is common if it is installed behind another router.
This will not be correct if NG Firewall's WAN does not have a public IP configured, which is common if it is installed behind another router.
It also may not work if Untangle's WAN to get an address dynamically (DHCP) because it will often change.
It also may not work if NG Firewall's WAN to get an address dynamically (DHCP) because it will often change.


=== Use Hostname ===
=== Use Hostname ===
Line 65: Line 65:
If ''Use Hostname'' is checked, the configured hostname and domain name will be used as the public address.
If ''Use Hostname'' is checked, the configured hostname and domain name will be used as the public address.


<blockquote>''Example:'' If your hostname is configured as "untangle" and your domain is "example.com" and the HTTPS port is configured to 443 in [[Services]], the "https://hostname.example.com" will be used as the public address.</blockquote>
<blockquote>''Example:'' If your hostname is configured as "hostname" and your domain is "example.com" and the HTTPS port is configured to 443 in [[Services]], the "https://hostname.example.com" will be used as the public address.</blockquote>


This is the suggested if you control your DNS server and can properly configure Untangle's hostname+domainname to lookup to the public IP of Untangle (or one that is port forwarded to Untangle).
This is the suggested if you control your DNS server and can properly configure NG Firewall's hostname+domainname to lookup to the public IP of NG Firewall (or one that is port forwarded to NG Firewall).
This is also ideal if you have a [[Certificates|certificate]] installed such that no HTTPS certificate warning will be shown.
This is also ideal if you have a [[Certificates|certificate]] installed such that no HTTPS certificate warning will be shown.


Line 74: Line 74:
If ''Use Manually Configured Address'' is checked the configured name and port will be used to generate the public address. IP/Hostname can be either a hostname or an IP address.  
If ''Use Manually Configured Address'' is checked the configured name and port will be used to generate the public address. IP/Hostname can be either a hostname or an IP address.  


<blockquote>''Example:'' If your IP/Hostname is configured as "untangle.example.com" and the port is configured to 443, then "https://untangle.example.com" will be used as the  
<blockquote>''Example:'' If your IP/Hostname is configured as "ngfw.example.com" and the port is configured to 443, then "https://ngfw.example.com" will be used as the  
public address.</blockquote>
public address.</blockquote>


<blockquote>''Example:'' If your IP/Hostname is configured as "1.2.3.4"  and the port is configured to 4343, then "https://1.2.3.4:4343/" will be used as the public address.</blockquote>
<blockquote>''Example:'' If your IP/Hostname is configured as "1.2.3.4"  and the port is configured to 4343, then "https://1.2.3.4:4343/" will be used as the public address.</blockquote>


This option is useful to manually configured the exact public address. It can be necessary if Untangle is behind another router. Just configured the IP of the public router in front of untangle and an available port, and then port forward that IP/port from the public router to the HTTPS service on Untangle.
This option is useful to manually configured the exact public address. It can be necessary if NG Firewall is behind another router. Just configured the IP of the public router in front of NG Firewall and an available port, and then port forward that IP/port from the public router to the HTTPS service on NG Firewall.

Latest revision as of 16:41, 3 May 2022

The tab configures the hostname and related settings of the NG Firewall server.

Hostname

  • Hostname
    • This is the name given to the NG Firewall server, such as "NGFW", "firewall", and so on.
  • Domain
    • This is the domain name of the NG Firewall server. If your company uses "mycompany.com" you will likely want to use "mycompany.com"

The fully qualified domain name (FQDN) for the NG Firewall server is Hostname + Domain. So Hostname = "NGFW" and Domain = "mycompany.com" means the FQDN for NG Firewall is ngfw.mycompany.com. If you have publicly available services like VPN and/or spam quarantines you should make sure that ngfw.mycompany.com resolves in DNS to the/a public IP of the NG Firewall server.

Dynamic DNS Service Configuration

Several Dynamic DNS services are available to help those with dynamic public IPs. Some ISPs and areas only offer dynamic IPs which can be problematic for networks with remote users wanting to access services. You can not remote users access the server/network by the public IP because it can change at any time.

These services exists to automatically update the public DNS entry when your DHCP address changes. This allows you to refer remote users to a FQDN such as "firewall.mycompany.com" and then automatically update the DNS resolution of "firewall.mycompany.com" to your public IP when it changes.

  • Enabled
    • If enabled a Dynamic DNS server will be used to update DNS resolution of the FQDN
  • Service
    • The dropdown shows the supported services. Choose the service you wish to use.
  • Username
    • The username to use of the service.
  • Password
    • The password of the account of the service.
  • Hostname(s)
    • The hostname to update with NG Firewall's public IP address. Specify a single FQDN or multiple FQDNs separated by commas.

NOTE: The username/password is stored in the settings unhashed and sent to the provider unhashed.

Dynamic DNS Service FAQs

DNS-O-Matic is not updating my hostname with the new IP address. Why?

DNS-O-Matic configuration requires all.dnsomatic.com in the hostname field. More on this on the DNS-O-Matic wiki https://dnsomatic.com/wiki/ddclient


Public address configures what the public accessible address and URL is for the NG Firewall server.

In some cases, NG Firewall has services that should be externally accessible for the world. For example, Quarantine Digest emails are sent for Spam Blocker with a link to their Quarantine hosted on the NG Firewall server. In order for this link to work for users outside the local network the Public Address must be properly configured such that it sends the correctly globally accessible link.

Use IP address from External interface

If Use IP address from External interface is checked, the primary address of the first WAN interface will be used as the public address.

Example: If your WAN is configured statically as 1.2.3.4 and and the HTTPS port is configured to 443 in Services, then "https://1.2.3.4" will be used as the public address.

Example: If your WAN is configured dynamically and currently has an IP of 4.3.2.1 and and the HTTPS port is configured to 4343 in Services, then "https://4.3.2.1:4343" will be used as the public address.

This will work if your NG Firewall WAN interface has a static public IP configured.

This will not be correct if NG Firewall's WAN does not have a public IP configured, which is common if it is installed behind another router. It also may not work if NG Firewall's WAN to get an address dynamically (DHCP) because it will often change.

Use Hostname

If Use Hostname is checked, the configured hostname and domain name will be used as the public address.

Example: If your hostname is configured as "hostname" and your domain is "example.com" and the HTTPS port is configured to 443 in Services, the "https://hostname.example.com" will be used as the public address.

This is the suggested if you control your DNS server and can properly configure NG Firewall's hostname+domainname to lookup to the public IP of NG Firewall (or one that is port forwarded to NG Firewall). This is also ideal if you have a certificate installed such that no HTTPS certificate warning will be shown.

Use Manually Configured Address

If Use Manually Configured Address is checked the configured name and port will be used to generate the public address. IP/Hostname can be either a hostname or an IP address.

Example: If your IP/Hostname is configured as "ngfw.example.com" and the port is configured to 443, then "https://ngfw.example.com" will be used as the public address.

Example: If your IP/Hostname is configured as "1.2.3.4" and the port is configured to 4343, then "https://1.2.3.4:4343/" will be used as the public address.

This option is useful to manually configured the exact public address. It can be necessary if NG Firewall is behind another router. Just configured the IP of the public router in front of NG Firewall and an available port, and then port forward that IP/port from the public router to the HTTPS service on NG Firewall.