• SonicOSX 7
• Interfaces
  • About Interfaces
    • Physical and Virtual Interfaces
      • Physical Interfaces
      • Virtual Interfaces (VLAN)
      • Subinterfaces
    • SonicOSX Secure Objects
    • One Arm Mode and Single Interface Support
    • Transparent Mode
    • IPS Sniffer Mode
      • Sample IPS Sniffer Mode Topology
    • Firewall Sandwich
    • HTTP/HTTPS Redirection
      • HTTP/HTTPS Redirection with DP Offload
    • Enabling DNS Proxy on an Interface
    • LTE Modem Support
    • LAN Bypass
  • Interface Settings IPv4
    • Adding Virtual Interfaces
      • Configuring General Settings for Virtual Interface
      • Configuring Advanced Settings for a Virtual Interface
      • Configuring Virtual Interfaces (VLAN Subinterfaces)
    • Configuring Routed Mode
    • Enabling Bandwidth Management on an Interface
    • Configuring Interfaces in Transparent IP Mode (Splice L3 Subnet)
      • Configuring Advanced Settings for a Transparent IP Mode Interface
    • Configuring Wireless Interfaces
      • Configuring Advanced Settings for a Wireless Interface
    • Configuring WAN Interfaces
      • Configuring Advanced Settings for a WAN Interface
      • Configuring Protocol Settings for a WAN Interface
    • Configuring Tunnel Interfaces
    • Configuring VPN Tunnel Interfaces
    • Configuring Link Aggregation and Port Redundancy
      • Link Aggregation
        • Link Aggregation Failover
        • Link Aggregation Limitations
        • Link Aggregation Configuration
      • Port Redundancy
        • Port Redundancy Failover
        • Port Redundancy Configuration
    • Configuring One Arm Mode
    • Configuring an IPS Sniffer Mode Appliance
      • Configuration Task List for IPS Sniffer Mode
      • Configuring the Primary Bridge Interface
      • Configuring the Secondary Bridge Interface
      • Configuring SNMP
      • Configuring IPS Sniffer Mode
    • Configuring Security Services (Unified Threat Management)
      • Configuring Logging
      • Connecting a Mirrored Switch Port to an IPS Sniffer Mode Interface
      • Connecting and Configuring a WAN Interface to the Data Center
    • Configuring Wire and Tap Mode
      • Configuring an Interface for Wire Mode
      • Configuring Wire Mode for a WAN/LAN Zone Pair
      • Configuring Wire Mode with Link Aggregation
    • Layer 2 Bridged Mode
      • Key Features of SonicOSX Layer 2 Bridged Mode
      • Key Concepts to Configuring L2 Bridged Mode and Transparent Mode
      • Comparing L2 Bridged Mode to Transparent Mode
        • Comparison of L2 Bridged Mode to Transparent Mode
        • Benefits of Transparent Mode over L2 Bridged Mode
        • ARP in Transparent Mode
        • VLAN Support in Transparent Mode
        • Multiple Subnets in Transparent Mode
        • Non-IPv4 Traffic in Transparent Mode
        • ARP in L2 Bridged Mode
        • VLAN Support in L2 Bridged Mode
        • L2 Bridge IP Packet Path
        • Multiple Subnets in L2 Bridged Mode
        • Non-IPv4 Traffic in L2 Bridged Mode
      • L2 Bridge Path Determination
      • L2 Bridge Interface Zone Selection
        • Security Services Directionality
        • Access Rule Defaults
        • WAN Connectivity
      • Sample Topologies
        • Wireless Layer 2 Bridge
        • Inline Layer 2 Bridged Mode
        • Perimeter Security
        • Internal Security
        • Layer 2 Bridged Mode with High Availability
        • Layer 2 Bridged Mode with SSL VPN
        • WAN to LAN Access Rules
      • Configuring Network Interfaces and Activating L2B Mode
        • Installing the Appliance between the Network and an SSL VPN Appliance
        • Configuring or Verifying Settings
      • Configuring Layer 2 Bridged Mode
        • Configuration Task List for Layer 2 Bridged Mode
        • Configuring the Common Settings for L2 Bridged Mode Deployments
          • Licensing Services
          • Disabling a DHCP Server
          • Configuring SNMP Settings
          • Enabling SNMP and HTTPS on the Interfaces
          • Enabling Syslog
          • Activating Security Services on Each Zone
          • Creating Access Rules
          • Configuring Log Settings
          • Configuring Wireless Zone Settings
        • Configuring Layer 2 Bridged Mode Procedure
          • Configuring the Primary Bridge Interface
          • Configuring the Secondary Bridge Interface
          • Configuring an L2 Bypass for Hardware Failures
        • VLAN Integration with Layer 2 Bridged Mode
        • VPN Integration with Layer 2 Bridged Mode
      • Asymmetric Routing
    • Configuring Interfaces for IPv6
  • 31-Bit Network Settings
    • 31-Bit Network Environment Example
    • Configuring a 31-Bit Network in SonicOSX
  • PPPoE Unnumbered Interface Support
    • Sample Network Topography
    • Caveats
    • Configuring a PPPoE Unnumbered Interface
    • Configuring HA with PPPoE Unnumbered
• Failover & LB
  • Settings
  • Groups
• Neighbor Discovery
  • Static NDP Entries
    • Adding Static NDP Entries
    • Editing Static NDP Entries
    • Deleting Static NDP Entries
  • NDP Settings
  • NDP Cache
    • Flushing the NDP Cache
• ARP
  • Static ARP Entries
    • Viewing Static ARP Entries
    • Adding Static ARP Entries
    • Editing Static ARP Entries
    • Deleting Static ARP Entries
    • Secondary Subnets with Static ARP
      • Adding a Secondary Subnet
        • Secondary Subnet Example
  • ARP Settings
  • ARP Cache
    • Flushing the ARP Cache
• MAC IP Anti-Spoof
  • MAC IPv4 and IPv6 Anti-Spoof Settings
  • Configuring MAC IP Anti-Spoof Settings
  • Anti-Spoof Cache
  • Spoof Detected List
• Web Proxy
  • User Proxy Servers
  • Automatic Proxy Forwarding (Web Only)
    • Adding User Proxy Servers
    • Editing User Proxy Servers
    • Deleting User Proxy Servers
• VLAN Translation
  • Mapping Modes
  • Mapping Persistence
  • Map Multiple Interface Pairs
  • Creating and Managing VLAN Maps
    • Creating a VLAN Map
      • Creating a Wire Mode Pair in Secure Mode
      • Creating the VLAN Mapping
    • Managing VLAN Mappings
      • Editing Mappings
      • Filtering Mappings
      • Deleting Mappings
• IP Helper
  • Using IP Helper
    • About IP Helper
      • VPN Tunnel Interface Support for IP Helper
      • DHCPv6 Relay
        • About DHCPv6 Relay
        • Configuring DHCPv6 Relay
    • IP Helper Settings
      • Relay Protocols
      • Policies
      • DHCP/DHCPv6 Relay Leases
  • Configuring IP Helper
    • Enabling IP Helper
    • Managing Relay Protocols
      • Adding User-Defined Relay Protocols
      • Deleting Custom Protocols
    • Managing IP Helper Policies
      • Adding an IP Helper Policy
      • Editing an IP Helper Policy
      • Deleting IP Helper Policies
    • Filtering Which DHCP Relay Leases are Displayed
    • Displaying IP Helper Cache from TSR
• Dynamic Routing
  • Route Advertisement
  • OSPFv2
  • OSPFv3
  • RIP
  • RIPng
  • Settings
• DHCP Server
  • Configuring a DHCP Server
    • Configuring the DHCP Server Settings
      • Configuring the DHCP Server for DNS Proxy
    • Configuring DHCP Server Lease Scopes
    • Current DHCP Leases
      • Current DHCP Leases IPv4
      • Current DHCP Leases IPv6
    • DHCPv6 Relay
  • Configuring Advanced Options
    • Configuring DHCP Option Objects
    • Configuring DHCP Option Groups
    • Configuring a Trusted DHCP Relay Agent Address Group (IPv4 Only)
    • Enabling Trusted DHCP Relay Agents
    • Configuring IPv4 DHCP Servers for Dynamic Ranges
      • Add DHCP Dynamic Scope
      • DNS/WINS
      • Advanced
    • Configuring IPv6 DHCP Servers for Dynamic Ranges
      • Add DHCPv6 Dynamic Scope
      • DNS
      • Advanced
    • Configuring IPv4 DHCP Static Ranges
      • Adding DHCPv4 Static Scope Settings
    • Configuring IPv6 DHCP Static Ranges
    • Configuring DHCP Generic Options for DHCP Lease Scopes
      • RFC-defined DHCP Option Numbers
    • DHCP and IPv6
• Multicast
  • Multicast Policies
    • Creating a Multicast Address Object
    • Creating a New Multicast Address Group
  • IGMP State
  • Enabling Multicast
    • Enabling Multicast on a LAN-Dedicated Interface
    • Enabling Multicast Support for Address Objects over a VPN Tunnel
• Network Monitor
  • About Network Monitor Policies
  • Configuring Network Monitor Policies
  • Deleting Network Monitor Policies
• AWS Configuration
  • AWS Security Credentials
    • IAM Group and User
  • Firewall Configuration
    • Test Connection
• SonicWall Support
  • About This Document

Configuring an L2 Bypass for Hardware Failures

An L2 bypass enables you to perform a physical bypass of the appliance when an interface is bridged to another interface with LAN bypass capability. This allows network traffic to continue flowing when an unrecoverable firewall failure occurs.

When the L2 bypass relay is closed, the network cables attached to the bypassed interfaces (X0 and X1) are physically connected as if they were a single continuous network cable. The Engage physical bypass on malfunction option provides you the choice of avoiding disruption of network traffic by bypassing the firewall in the event of a malfunction.

L2 bypass is only applicable to interfaces in Layer 2 Bridged Mode. The Engage physical bypass on malfunction option only appears when the Layer 2 Bridged Mode option is selected from Mode / IP Assignment. This option does not appear unless a physical bypass relay exists between the two interfaces of the bridge-pair.

When the Engage physical bypass on malfunction option is enabled, the other Layer 2 Bridged Mode options are automatically set

• Block all non-IPv4 traffic – disabled. When enabled, this option blocks all non-IPv4 Ethernet frames. So, this option is disabled.
• Never route traffic on this bridge-pair – enabled. When enabled, this option prevents packets from being routed to a network other than the peer network of the bridged pair. So, this option is enabled.
• Only sniff traffic on this bridge-pair – disabled. When enabled, traffic received on the bridge-pair interface is never forwarded. So, this option is disabled.
• Disable stateful-inspection on this bridge-pair – unchanged. This option is not affected.

To configure an L2 bypass

1. Navigate to NETWORK | System > Interfaces.
2. Click the Edit icon in the Configure column for the interface you want to configure. The Edit Interface dialog displays.

3. Select Engage physical bypass on malfunction.

   The Engage physical bypass on malfunction option is available only when the X0 and X1 interfaces are bridged together on an NSA-6600 or above.

4. Click OK.