6Firewall110Internet accessThis section describes setting up access to the public Internet using the CLI, with static IPaddresses supplied by an ISP.AssumptionsThe assumption for the examples and descriptions in this chapter is that the hardwareplatform has two Ethernet interfaces available: interface sfp1 and interface sfp2. The sfp2interface will be used for connection to the public Internet and the sfp1 interface will be usedfor connection to a protected, local network.Required IP address objectsBefore you can set up access to the public network, you must create a number of IP addressobjects. In this example, the interface used for the Internet connection is sfp2, the ISPgateway IPv4 address is 10.5.4.1, the IPv4 address for the connecting interface is 10.5.4.35,and the network is 10.5.4.0/24.Note: Private IPv4 addresses are used for example only. Each installation's IP addresses will bedifferent from these IP addresses but they are used here only to illustrate how setup is done.Also, these addresses are private IPv4 addresses and in reality an ISP would use public IPaddresses instead.In addition, you must add the gateway IP address object, which in this example is calledwan_gw:Device:/> add Address IPAddress wan_gw Address=10.5.4.1This is the address of the ISP’s gateway, which is the first router hop towards the publicInternet. If this IP object already exists, it can be given the IP address with the command:Device:/> set Address IPAddress wan_gw Address=10.5.4.1Defining routesA route must now be defined that specifies that the Internet can be found on the sfp2interface, along with the IP address of the default gateway that is the ISP’s router.1. Change the context to be the main routing table:Device:/> cc RoutingTable mainThe prompt changes to indicate the context has changed.Device:/RoutingTable/main>2. Add the route to the Internet:Device:/RoutingTable/main> add Route Interface=sfp2 Network=all‐nets‐ip4 Gateway=wan_gw3. Change the context back to the original with the command:Device:/> cc