SonicOSX 7 System
- SonicOSX 7
- Interfaces
- About Interfaces
- Interface Settings IPv4
- Adding Virtual Interfaces
- Configuring Routed Mode
- Enabling Bandwidth Management on an Interface
- Configuring Interfaces in Transparent IP Mode (Splice L3 Subnet)
- Configuring Wireless Interfaces
- Configuring WAN Interfaces
- Configuring Tunnel Interfaces
- Configuring VPN Tunnel Interfaces
- Configuring Link Aggregation and Port Redundancy
- Configuring One Arm Mode
- Configuring an IPS Sniffer Mode Appliance
- Configuring Security Services (Unified Threat Management)
- Configuring Wire and Tap Mode
- Layer 2 Bridged Mode
- Key Features of SonicOSX Layer 2 Bridged Mode
- Key Concepts to Configuring L2 Bridged Mode and Transparent Mode
- Comparing L2 Bridged Mode to Transparent Mode
- Comparison of L2 Bridged Mode to Transparent Mode
- Benefits of Transparent Mode over L2 Bridged Mode
- ARP in Transparent Mode
- VLAN Support in Transparent Mode
- Multiple Subnets in Transparent Mode
- Non-IPv4 Traffic in Transparent Mode
- ARP in L2 Bridged Mode
- VLAN Support in L2 Bridged Mode
- L2 Bridge IP Packet Path
- Multiple Subnets in L2 Bridged Mode
- Non-IPv4 Traffic in L2 Bridged Mode
- L2 Bridge Path Determination
- L2 Bridge Interface Zone Selection
- Sample Topologies
- Configuring Network Interfaces and Activating L2B Mode
- Configuring Layer 2 Bridged Mode
- Asymmetric Routing
- Configuring Interfaces for IPv6
- 31-Bit Network Settings
- PPPoE Unnumbered Interface Support
- Failover & LB
- Neighbor Discovery
- ARP
- MAC IP Anti-Spoof
- Web Proxy
- VLAN Translation
- IP Helper
- Dynamic Routing
- DHCP Server
- Configuring a DHCP Server
- Configuring Advanced Options
- Configuring DHCP Option Objects
- Configuring DHCP Option Groups
- Configuring a Trusted DHCP Relay Agent Address Group (IPv4 Only)
- Enabling Trusted DHCP Relay Agents
- Configuring IPv4 DHCP Servers for Dynamic Ranges
- Configuring IPv6 DHCP Servers for Dynamic Ranges
- Configuring IPv4 DHCP Static Ranges
- Configuring IPv6 DHCP Static Ranges
- Configuring DHCP Generic Options for DHCP Lease Scopes
- DHCP and IPv6
- Multicast
- Network Monitor
- AWS Configuration
- SonicWall Support
Inline Layer 2 Bridged Mode
This method is useful in networks where there is an existing appliance that remains in place, but you wish to utilize the appliance’s security services without making major changes to the network. By placing the appliance in Layer 2 Bridged Mode, the X0 and X1 interfaces become part of the same broadcast domain/network (that of the X1 WAN interface).
This example refers to an appliance installed in a Hewlett Packard ProCurve switching environment. SonicWall is a member of HP’s ProCurve Alliance – more details can be found at the following location: https://www.hpe.com/us/en/networking.html.
HP’s ProCurve Manager Plus (PCM+) and HP Network Immunity Manager (NIM) server software packages can be used to manage the switches as well as some aspects of the appliance.
To configure inline Layer 2 bridged mode
- Navigate to NETWORK | System > Interfaces.
- Click the Configure icon for the X0 LAN interface.
- On the Edit Interface dialog, set the IP Assignment to Layer 2 Bridged Mode (IP Route Option). The options change.
- Set the Bridged To: interface to X1.
- To block all non-IP traffic on the bridged pair, select Block all non-IP traffic. This option is not selected by default.
- To prevent traffic from being routed on the bridged pair, select Never route traffic on this bridge-pair. This option is not selected by default.
- To only sniff traffic on the bridged pair, select Only sniff traffic on this bridge-pair. This option is not selected by default.
- To prevent stateful inspection on the bridged pair, select Disable stateful-inspection on this bridge-pair. This option is not selected by default.
- Ensure the interface is configured for HTTPS and SNMP so it can be managed from the DMZ by PCM+/NIM.
- Configure the remaining options normally.
- Click OK to save and activate the change.
You also need to make sure to modify the Access Rules to allow traffic from the LAN to WAN, and from the WAN to the LAN, otherwise traffic cannot pass successfully. You might also need to modify routing information on your firewall if your PCM+/NIM server is placed on the DMZ.
Was This Article Helpful?
Help us to improve our support portal