How to Configure an Interface on a GajShield Firewall

Configuring an interface on a GajShield firewall is a fundamental step in setting up network connectivity. This includes assigning IP addresses, defining zones, and tuning network parameters.

This guide walks you through the process based on the interface configuration screen.

1. Navigate to Interface Configuration

  • Go to Configuration → Device → Interfaces
  • Select the interface you want to configure (e.g., LAN, WAN)

You’ll land on a screen similar to what you’re seeing.

2. Basic Interface Settings

Interface Name

  • Defines the logical name of the interface (e.g., LAN, WAN)
  • Choose something meaningful if creating a custom interface

Network Zone

  • Assign the interface to a zone (e.g., LAN, WAN, DMZ)
  • This controls firewall policy behavior

👉 Tip:

  • LAN → trusted network
  • WAN → untrusted/external
  • DMZ → semi-trusted

3. IPv4 Configuration

This is where actual networking happens.

Interface Type

  • Usually set to Standard
  • Leave as-is unless you’re doing something exotic (and if you are, you don’t need this guide)

Default Gateway

  • Enable only if this interface is your primary outbound route
  • Typically enabled on WAN interfaces

IP Address

  • Assign a static IP
    Example:

    192.168.1.199

Netmask

  • Defines the subnet
    Example:

    255.255.255.0

Next Hop IP (Optional)

  • Used for routing traffic via a specific gateway
  • Leave blank unless you know why you need it

4. IPv6 Configuration (Optional)

If you’re still pretending IPv6 isn’t real, you can skip this.

Otherwise:

IPv6 Address

  • Assign IPv6 address with prefix

Next Hop IP

  • IPv6 gateway

Default Gateway

  • Enable if this interface handles outbound IPv6 traffic

5. Advanced Settings

Now for the knobs people love to touch and later regret.

Interface Speed

  • Default: Auto Negotiation
  • Only change if:
    • You have link issues
    • Or someone upstream forced a speed (which they shouldn’t have)

MTU (Maximum Transmission Unit)

  • Default: 1500
  • Reduce if:
    • Using VPNs (e.g., 1400–1460)
    • Experiencing fragmentation issues

MSS (Maximum Segment Size)

  • Range: 536 – 1460
  • Useful for TCP optimization, especially in VPN scenarios

6. Proxy ARP (Optional)

  • Enable if the firewall needs to respond to ARP requests on behalf of another device
  • Typically used in:
    • Transparent deployments
    • Certain routing setups

If you don’t know what Proxy ARP is, don’t enable it. Life is already complicated.

7. Save and Apply

  • Click Save
  • Apply changes if required
  • Restart networking if prompted (Restart Nw button)

8. Verification

After configuration:

  • Ping the interface IP
  • Check routing:
    • Diagnostics → Routing
  • Verify traffic flow:
    • Firewall → Live Logs

Practical Example (LAN Interface)

Parameter Value
Interface Name LAN
Zone LAN
IP Address 192.168.1.199
Netmask 255.255.255.0
Gateway Not required

Common Mistakes (because everyone makes them)

  • Setting default gateway on LAN
  • Using overlapping subnets
  • Forgetting to assign zone → then wondering why traffic is blocked
  • Messing with MTU “just to test something”