SonicOSX 7 System

Inline Layer 2 Bridged Mode

This method is useful in networks where there is an existing appliance that remains in place, but you wish to utilize the appliance’s security services without making major changes to the network. By placing the appliance in Layer 2 Bridged Mode, the X0 and X1 interfaces become part of the same broadcast domain/network (that of the X1 WAN interface).

This example refers to an appliance installed in a Hewlett Packard ProCurve switching environment. SonicWall is a member of HP’s ProCurve Alliance – more details can be found at the following location: https://www.hpe.com/us/en/networking.html.

HP’s ProCurve Manager Plus (PCM+) and HP Network Immunity Manager (NIM) server software packages can be used to manage the switches as well as some aspects of the appliance.

To configure inline Layer 2 bridged mode

  1. Navigate to NETWORK | System > Interfaces.
  2. Click the Configure icon for the X0 LAN interface.
  3. On the Edit Interface dialog, set the IP Assignment to Layer 2 Bridged Mode (IP Route Option). The options change.
  4. Set the Bridged To: interface to X1.
  5. To block all non-IP traffic on the bridged pair, select Block all non-IP traffic. This option is not selected by default.
  6. To prevent traffic from being routed on the bridged pair, select Never route traffic on this bridge-pair. This option is not selected by default.
  7. To only sniff traffic on the bridged pair, select Only sniff traffic on this bridge-pair. This option is not selected by default.
  8. To prevent stateful inspection on the bridged pair, select Disable stateful-inspection on this bridge-pair. This option is not selected by default.
  9. Ensure the interface is configured for HTTPS and SNMP so it can be managed from the DMZ by PCM+/NIM.
  10. Configure the remaining options normally.
  11. Click OK to save and activate the change.

You also need to make sure to modify the Access Rules to allow traffic from the LAN to WAN, and from the WAN to the LAN, otherwise traffic cannot pass successfully. You might also need to modify routing information on your firewall if your PCM+/NIM server is placed on the DMZ.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden