116 CHAPTER 8: ADVANCED SETTINGSFigure 52 Intranet WindowTo enable intranet firewalling, it is necessary to identify which machinesare protected against unauthorized access by specifying the IP addressesof these machines. You can do this in two ways:� Inclusively by specifying which machines are members of the segmentwith restricted access.� Exclusively by specifying which machines are not members of thesegment with the restricted access.Using the inclusive method, you specify the IP addresses of the machineswhich are connected to the Firewall’s LAN port. Use this method in casessuch as a small accounting office in a large LAN, where it may be easier toidentify the small number of machines with restricted access rather thanthe larger number of machines on the corporate network.Using the exclusive method, you specify the IP addresses of the machinesconnected to the Firewall’s WAN port. Use this method in cases such as alarge school district with a small student computer lab where it would beeasier to specify the small number of machines on the WAN which arenot protected by the intranet firewall, rather than the larger number ofmachines which are.Typically, it is easier to enter the IP addresses from the smaller number ofmachines. Enter these addresses individually, or as a range.IP addresses for Workstations on the LAN port must have static IPaddresses or use the Internet Firewall as a DHCP server. It is not possiblefor them to use a DHCP server connected to the WAN port.DUA1611-0AAA02.book Page 116 Thursday, August 2, 2001 4:01 PM
