Networks & Interfaces

By default, ether1 is configured as the WAN interface, and ether2 is configured as the LAN interface.

To modify any interface, click the configuration icon next to the interface you want to configure.

This will open a configuration popup window, as shown in the image below.

Ether1 – WAN Interface Configuration

When editing ether1, the following configuration options are available:

1. Description 

Add a label that helps you identify the interface’s purpose (e.g., WAN, Fibre, LTE).

2. Designation 

Choose the interface role. The dropdown provides two options:

2. • WAN

   • LAN

3. Mode 

Select how the interface receives its IP address:

3. • Disabled – Disables the interface.

   • Static IP address – Choose this if your ISP has assigned you a specific IP address that must be manually entered.

   • DHCP – Commonly used for WAN connections. The interface will automatically receive an IP address from your ISP’s router.

After adjusting the settings, click Save Changes to apply and commit the configuration.

Note: You may configure a second interface as a WAN interface for failover redundancy, ensuring continued internet access in the event the primary connection goes down.

Ether2 – LAN Interface Configuration

The same process used to configure ether1 applies to all other interfaces. In the example shown above, ether2 is configured as the LAN interface. The primary difference is the Designation, which is currently set to LAN.

You would typically connect an ethernet cable from ether2 to your network switch, allowing the iShield to provide network access to your internal devices.

Configuring the LAN Interface

For a LAN interface, the Mode should be set to Static IP address, as this interface defines your internal network range.

1. Click the Add IP Address button.

2. Enter the IP address you want to assign to the LAN interface.

   • This IP address will become your LAN gateway (e.g., 192.168.1.254).

3. Click the Add button to add a new IP address.

4. Click Save Changes to apply and commit the configuration.

To remove an IP address, select the Delete icon, then click the Save Changes button.

Creating VLANs

To create a new VLAN interface, click the Add VLAN Interface button.

VLAN Configuration Options

1. Physical Network Interface

Select the physical interface that the VLAN will use for breakout.

2. VLAN ID

Enter the VLAN ID.

2. • This must match the VLAN ID configured on your managed switch.

3. Designation

Choose whether this VLAN will function as a LAN or WAN interface.

4. Mode

Select the required IP mode: 

4. • Static IP address (most common)

   • DHCP

5. Add IP Address

   • Click Add IP Address.

   • Enter the required IP details.

   • Click Add to store the IP configuration.

6. Save VLAN Interface 

Click Add VLAN to create and save the VLAN interface.

Network ranges must be configured to match the IP ranges used by your LAN network interfaces. This is important as these ranges determine which IP addresses your DNS and DHCP services will use.

By default, the iShield includes preconfigured ranges that cover most private IP address spaces. You may either edit an existing range using the edit icon or add a new one.

It is recommended to adjust the default range and subnet to match the LAN network range you intend to use.

*Naming Note:

When adding a new range or renaming an existing one, use lowercase characters only.

Network Scanning

Network scanning is enabled by default.

When enabled, the iShield actively scans devices on the network and retrieves as much information as possible, including:

• Device details

• Open ports

• Identification information

• Other available metadata

This information is displayed in the Devices section, as shown in the image.

Important:

Active network scanning may cause issues with some antivirus products, as they may interpret the scan as malicious activity and block the firewall. To prevent this, it is recommended to add the IP address of the iShield to the antivirus software’s exclusion list.

To disable active scanning, untick Enable Active Network Scanning.

Scan Exclusions

You can exclude a specific host or an entire network segment by clicking the Add Scan Exclusion button and entering the required details.