Networks & Interfaces

By default, ether1 is configured as the WAN interface, and ether2 is configured as the LAN interface.

To modify any interface, click the configuration icon next to the interface you want to configure.

ether1 – WAN Interface Configuration

When editing ether1, the following configuration options are available:

• Description: Specify a meaningful label to identify the interface's purpose (e.g., WAN, Fibre, LTE).

• Designation:

  • WAN

  • LAN

• Mode: 

  • Disabled: Disables the interface.

  • Static IP address: Manually configure the IP address details provided by the ISP.

  • DHCP – Automatically obtains IP address settings from the ISP .

Select Save Changes to apply and commit the configuration.

Note: A secondary interface can be configured as a WAN interface to provide failover redundancy. This ensures continued internet connectivity if the primary WAN connection becomes unavailable. 

ether2 – LAN Interface Configuration

The configuration process for ether2 follows the same steps as ether1, with the key difference being its role. In this case, ether2 is designated as a LAN interface.

Configuring the LAN Interface

For a LAN interface, the Mode should be set to Static IP address, as this interface defines the internal network (subnet) range.

• Select the Add IP Address button.

• Enter the desired IP address for the LAN interface.

  • This will act as the default gateway for devices on the network (e.g., 192.168.1.254).

• Select Add to confirm the IP address.

• Click Save Changes to apply and commit the configuration.

  • To remove an IP address, select the Delete icon next to the entry, then click the Save Changes button.

Creating VLANs

To create a new VLAN interface, click the Add VLAN Interface button.

VLAN Configuration Options

• Physical Network Interface: Select the physical interface the VLAN will be associated with.

• VLAN ID: Enter the VLAN ID for the network. This value must match the VLAN ID configured on any managed switch to ensure proper traffic tagging and communication. 

• Designation: 

  • LAN: For internal network segmentation.

  • WAN: For external or ISP-related connections (less common).

• Mode:

  • Static IP address: Manually define the IP address and subnet for the VLAN. This is typically used when the VLAN acts as a gateway for internal devices. 

  • DHCP: Automatically obtain IP configuration from an upstream DHCP server.

• Add IP Address:

  • Select Add IP Address.

  • Enter the required IP details.

  • Click Add to store the IP configuration.

• Save VLAN Interface 

• Click Add VLAN to create and save the VLAN interface.

Local Networks

Network ranges define the IP addresses that the iShield uses for DNS and DHCP. Proper configuration ensures that devices on the LAN can communicate correctly and receive valid IP assignments.

By default, iShield includes preconfigured ranges covering most private IP address spaces.

You can edit an existing range using the edit icon, or add a new range if needed.

It is recommended to adjust the default range and subnet to match the intended LAN network.

Note:

When adding a new range or renaming an existing one, use lowercase characters only.

Network Scanning

Network scanning is enabled by default.

This feature allows the iShield to actively scan the network and collect information, including :

• Device details

• Open ports

• Identification information

• Other available metadata

This information is displayed in the Devices section, as shown in the image.

Important:

Active scanning may trigger antivirus or endpoint security products, which could interpret the scan as malicious activity and block the firewall. To prevent conflicts, add the iShield IP address to your antivirus or endpoint security product exclusion list.

To disable active scanning, untick Enable Active Network Scanning.

Scan Exclusions

You can exclude a specific host or an entire network segment by clicking the Add Scan Exclusion button and entering the required details.