USG110 behind FreeBox modem

jeffjohn1941 · August 2019

For many years, we have used a Zywall 5 with its multiple LAN outputs behind a FreeBox (Illiad) modem in France. We need to use this modem to benefit from the ISP (Free.fr) VOIP phone facility.

I would like to replace the outmoded ZyWall 5 with a USG110, but as yet not clear how to obtain the 'bridge' function.

Could someone advise me, or direct me to a guide, please.

Regards Jeff

zyman2008 · August 2019

Hi Jeff,

You want USG run as a transparent(bridge) firewall behind the FreeBox ?

Here some questions,

How will you manage the USG ? from LAN side or WAN side or both ?
Do you want to manage the access(firewall rule) between LAN ports or just between WAN & LAN ?

Zyxel_Cooldia · August 2019

Hi @jeffjohn1941

The bridge configuration is at “CONFIGURATION > Network > Interface > Bridge”.

Click “Add” to create a bridge interface, and select interface you want to bridge.

BTW, as mentioned by zyman2008, device management need to be considered.

jeffjohn1941 · August 2019

Hi Zyman! Thank you for your interest in setting up my USG110. As I said, I have used a Zywall 5 successfully for 5 years or more, simply set in 'bridge' mode. The device is managed both locally (LAN) and from UK using site-to-site Ipsec connection and local IP address. I have been given an unused USG110 and keen to replace the ZyWall 5. I would use 4 ports as LAN1 to connect my internal network, and bridge the modem to them. A walk-through advice would be very much appreciated.

(I have previously benefited from your contributions on the 'old' forum, setting up my uk base SBG3300 !).

regards jeff

zyman2008 · August 2019

Hi @jeffjohn1941

Here I list more detail steps, FYI.

Assume the admin's laptop is connect to Port 4 to change settings

1.Change ports to LAN side

On GUI, Network > Interface > Port Role, select P3 to P7 as lan1 ports.

2.Add firewall rules to allow WAN side to access LAN side

Note: This step is very important. Otherwise the LAN clients cannot DHCP IP address from FreeBox after you create the bridge interface.

On GUI, Security Policy > Policy Control, add a new rule on the top (as the first rule)

3.Change firewall rule to allow device management from WAN side

On GUI, Object > Service > Service Group, edit "Default_Allow_WAN_To_ZyWALL" service group object. Usually, I'll add PING, HTTPS, SSH_TCP for remote management.

4.Create bridge interface

On GUI, Network > Interface > Bridge, add new interface

(1)Recommend to select "WAN" as the Zone.

(2)Add "wan1" & "lan1" interface into the bridge member.

wan1(Port 1) as uplink to Freebox, and lan1(Port 3-7) as LAN side.

(3)Assign IP address to bridge for management

You can assign a static IP address or Get Automatically(DHCP) from the FreeBox

4.Reconnect your laptop to get IP address from FreeBox

Once you create the bridge interface, your laptop will lose connect immediately. (Since the original IP address is get from USG)

You need to unplug & plug the Ethernet cable to get new IP address from FreeBox.

zyman2008 · August 2019

Hi Jeff,

You want USG run as a transparent(bridge) firewall behind the FreeBox ?

Here some questions,

How will you manage the USG ? from LAN side or WAN side or both ?
Do you want to manage the access(firewall rule) between LAN ports or just between WAN & LAN ?

Zyxel_Cooldia · August 2019

Hi @jeffjohn1941

The bridge configuration is at “CONFIGURATION > Network > Interface > Bridge”.

Click “Add” to create a bridge interface, and select interface you want to bridge.

BTW, as mentioned by zyman2008, device management need to be considered.

jeffjohn1941 · August 2019

Hi Zyman! Thank you for your interest in setting up my USG110. As I said, I have used a Zywall 5 successfully for 5 years or more, simply set in 'bridge' mode. The device is managed both locally (LAN) and from UK using site-to-site Ipsec connection and local IP address. I have been given an unused USG110 and keen to replace the ZyWall 5. I would use 4 ports as LAN1 to connect my internal network, and bridge the modem to them. A walk-through advice would be very much appreciated.

(I have previously benefited from your contributions on the 'old' forum, setting up my uk base SBG3300 !).

regards jeff

zyman2008 · August 2019

Hi @jeffjohn1941

Here I list more detail steps, FYI.

Assume the admin's laptop is connect to Port 4 to change settings

1.Change ports to LAN side

On GUI, Network > Interface > Port Role, select P3 to P7 as lan1 ports.

2.Add firewall rules to allow WAN side to access LAN side

Note: This step is very important. Otherwise the LAN clients cannot DHCP IP address from FreeBox after you create the bridge interface.

On GUI, Security Policy > Policy Control, add a new rule on the top (as the first rule)

3.Change firewall rule to allow device management from WAN side

On GUI, Object > Service > Service Group, edit "Default_Allow_WAN_To_ZyWALL" service group object. Usually, I'll add PING, HTTPS, SSH_TCP for remote management.

4.Create bridge interface

On GUI, Network > Interface > Bridge, add new interface

(1)Recommend to select "WAN" as the Zone.

(2)Add "wan1" & "lan1" interface into the bridge member.

wan1(Port 1) as uplink to Freebox, and lan1(Port 3-7) as LAN side.

(3)Assign IP address to bridge for management

You can assign a static IP address or Get Automatically(DHCP) from the FreeBox

4.Reconnect your laptop to get IP address from FreeBox

Once you create the bridge interface, your laptop will lose connect immediately. (Since the original IP address is get from USG)

You need to unplug & plug the Ethernet cable to get new IP address from FreeBox.

jeffjohn1941 · August 2019

Zyman! Thank you so much for your very detailed explanations. Absolutely perfect for my needs.

I shall set up the USG here (UK) before my next visit to France later and will implement your suggestions. I'm sure all will be well!

I'm very appreciative of your detailed guidance. Regards jeff

USG110 behind FreeBox modem

Best Answers

All Replies

Categories

Security Highlight

Security Help Center