Introduction to Network Connection
This chapter describes factors and configurations related to network connection, including:
- Interface: An interface allows inbound and outbound traffic for a security zone. An interface must be bound to a security zone so that traffic can flow into and from that zone. Furthermore, for a Layer 3 security zone, an IP address should be configured for the interface, and corresponding policy rules should also be configured to allow traffic between different security zones. Multiple interfaces can be bound to one security zone, but one interface cannot be bound to multiple security zones. The system supports various types of interfaces to implement different functions.
- Security zone: A security zone divides the network into different sections, for example, the trust zone (typically trusted sections such as the Intranet) or the untrust zone (typically untrusted sections that pose security threats, such as the Internet). The system can control traffic to and from security zones once the configured policy rules have been applied.
- DNS: Domain Name System.
- DHCP: Dynamic Host Configuration Protocol.
- DDNS: Dynamic Domain Name Server.
- PPPoE: Point-to-Point Protocol over Ethernet.
- VLAN: Virtual LAN.
- Virtual Router: A VRouter (VR for short) acts as a router. Each VR has its own independent routing table. The system has a default VR named “trust-vr”, which is bound with all the Layer 3 security zones. The system supports multiple VRs, and the maximum number of supported VRs may vary by hardware platform. Multiple VRs divide a device into multiple virtual routers, each of which uses and maintains its own completely independent routing table, so that a single device acts as multiple routers. Multiple VRs allow a device to isolate addresses between different route zones and to support overlapping addresses between different VRs, and they help avoid route leaking to some extent, enhancing the route security of the network.
- Virtual Switch: Running on Layer 2, a VSwitch acts as a switch. Once a Layer 2 security zone is bound to a VSwitch, all the interfaces bound to that zone are also bound to the VSwitch. The VSwitch then serves as a Layer 2 forwarding zone, and each VSwitch has its own independent MAC address table, so the device’s Layer 2 forwarding is implemented in the VSwitch. Furthermore, traffic can pass through VSwitch interfaces, enabling forwarding between Layer 2 and Layer 3. For more information on the binding relationship between interface, security zone, VSwitch and VRouter, see the following graph:

- Virtual-Wire: The virtual wire allows direct Layer 2 communication between subnetworks.
- Global network parameters: These parameters mainly include IP packet processing options, such as IP fragmentation, TCP MSS value, etc.
- Network Connection Configuration Wizard: routing mode, transparent mode.
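
The binding rules described under Interface, Virtual Router and Virtual Switch can be checked mechanically against an exported inventory. The following Python sketch is an added example, not vendor code: the zone and interface names, the extra VR "guest-vr" and the data layout are hypothetical, and treating overlapping subnets inside one VR as a finding is an assumption (the text above only states that overlap is possible between different VRs).

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory; all names except "trust-vr" are hypothetical.
ZONES = {
    "trust":   {"layer": 3, "vrouter": "trust-vr"},
    "untrust": {"layer": 3, "vrouter": "trust-vr"},
    "guest":   {"layer": 3, "vrouter": "guest-vr"},
    "l2-dmz":  {"layer": 2, "vswitch": "vswitch1"},
}
INTERFACES = [
    {"name": "eth0/0", "zones": ["untrust"], "ip": "203.0.113.2/24"},
    {"name": "eth0/1", "zones": ["trust"], "ip": "10.1.1.1/24"},
    {"name": "eth0/2", "zones": ["guest"], "ip": "10.1.1.1/24"},    # same subnet, other VR
    {"name": "eth0/3", "zones": ["trust"], "ip": None},             # Layer 3 zone, no IP
    {"name": "eth0/4", "zones": ["trust", "untrust"], "ip": "10.2.0.1/24"},
    {"name": "eth0/5", "zones": ["l2-dmz"], "ip": None},            # Layer 2: no IP needed
    {"name": "eth0/6", "zones": [], "ip": None},                    # not bound to any zone
    {"name": "eth0/7", "zones": ["trust"], "ip": "10.1.1.129/25"},  # overlaps eth0/1
]

def audit(zones, interfaces):
    """Return (interface, finding) pairs for violated binding rules."""
    findings, per_vr = [], defaultdict(list)
    for itf in interfaces:
        name, bound = itf["name"], itf["zones"]
        if len(bound) != 1:  # exactly one zone per interface
            findings.append((name, "multi-zone" if bound else "unbound"))
            continue
        zone = zones[bound[0]]
        if zone["layer"] != 3:
            continue
        if not itf["ip"]:  # Layer 3 zone interfaces need an IP address
            findings.append((name, "l3-no-ip"))
            continue
        net = ipaddress.ip_interface(itf["ip"]).network
        for other, other_net in per_vr[zone["vrouter"]]:
            if net.overlaps(other_net):  # assumption: conflict within one VR
                findings.append((name, f"overlap-with-{other}"))
        per_vr[zone["vrouter"]].append((name, net))
    return findings

def vswitch_members(zones, interfaces):
    """Interfaces inherit the VSwitch of the Layer 2 zone they are bound to."""
    members = defaultdict(list)
    for itf in interfaces:
        for z in (z for z in itf["zones"] if zones[z]["layer"] == 2):
            members[zones[z]["vswitch"]].append(itf["name"])
    return dict(members)
```

The interfaces eth0/1 and eth0/2 share 10.1.1.0/24 without a finding because their zones sit in different VRs, while eth0/7 is flagged because it overlaps eth0/1 inside trust-vr.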