Network > Interfaces
SonicOS 5.8.1 Administrator Guide
Zones are the hierarchical apex of SonicOS Enhanced’s secure objects architecture. SonicOS
Enhanced includes predefined zones and also allows you to define your own zones. Predefined
zones include LAN, DMZ, WAN, WLAN, and Custom. Zones can include multiple interfaces;
however, the WAN zone is restricted to a total of two interfaces. Within the WAN zone, either
one or both WAN interfaces can be actively passing traffic, depending on the WAN Failover and
Load Balancing configuration on the Network > WAN Failover & LB page.
For more information on WAN Failover and Load Balancing on the SonicWALL security
appliance, see “Network > Failover & Load Balancing” on page 275.
At the zone configuration level, the Allow Interface Trust setting for zones automates the
processes involved in creating a permissive intra-zone Access Rule. It creates a
comprehensive Address Object for the entire zone and an inclusively permissive Access Rule
from zone address to zone addresses.
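An added example, not taken from the SonicWALL guide: a small Python model of the behavior described above, written as an audit over a zone inventory. It lists the interface-to-interface paths that an enabled Allow Interface Trust setting opens and checks the two-interface WAN limit. The Zone class, the inventory layout, the interface names and subnets, and the "any service" reading of the permissive rule are assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network
from itertools import permutations

MAX_WAN_INTERFACES = 2  # the guide restricts the WAN zone to two interfaces

@dataclass
class Zone:
    name: str
    interface_trust: bool                           # "Allow Interface Trust" setting
    interfaces: dict = field(default_factory=dict)  # interface name -> subnet

def zone_address_object(zone):
    """Zone-wide address object: every subnet on every member interface."""
    return sorted(ip_network(s) for s in zone.interfaces.values())

def implied_rule(zone):
    """The intra-zone allow rule that Interface Trust creates, or None if it is off."""
    if not zone.interface_trust:
        return None
    members = zone_address_object(zone)
    return {"action": "allow", "from_zone": zone.name, "to_zone": zone.name,
            "source": members, "destination": members, "service": "any"}  # "any" is assumed

def audit(zones):
    """Return (findings, directed interface pairs opened by Interface Trust)."""
    findings, pairs = [], []
    for z in zones:
        if z.name == "WAN" and len(z.interfaces) > MAX_WAN_INTERFACES:
            findings.append(f"{z.name}: {len(z.interfaces)} interfaces, limit is {MAX_WAN_INTERFACES}")
        if implied_rule(z) and len(z.interfaces) > 1:
            opened = list(permutations(sorted(z.interfaces), 2))
            pairs.extend((z.name, a, b) for a, b in opened)
            findings.append(f"{z.name}: Interface Trust permits traffic between "
                            f"{len(z.interfaces)} interfaces ({len(opened)} directed paths)")
    return findings, pairs

# Constructed sample inventory; interface names and subnets are illustrative only.
SAMPLE = [
    Zone("LAN", True, {"X0": "192.168.168.0/24", "X4": "10.10.0.0/16"}),
    Zone("DMZ", True, {"X2": "172.16.1.0/24", "X3": "172.16.2.0/24", "X5": "172.16.3.0/24"}),
    Zone("WLAN", False, {"W0": "172.16.31.0/24", "X6": "172.16.32.0/24"}),
    Zone("WAN", False, {"X1": "203.0.113.0/30", "X7": "198.51.100.0/30", "X8": "192.0.2.0/30"}),
]

if __name__ == "__main__":
    findings, pairs = audit(SAMPLE)
    for line in findings:
        print(line)
```

In the sample, the three-interface DMZ zone is the case worth reviewing: with Interface Trust on, hosts behind any one DMZ interface can reach hosts behind the other two without a separate rule.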
Transparent Mode
Transparent Mode in SonicOS Enhanced uses interfaces as the top level of the management
hierarchy. Transparent Mode supports unique addressing and interface routing.
Layer 2 Bridge Mode
SonicOS Enhanced firmware versions 4.0 and higher include L2 (Layer 2) Bridge Mode, a
new method of unobtrusively integrating a SonicWALL security appliance into any Ethernet
network. L2 Bridge Mode is ostensibly similar to SonicOS Enhanced’s Transparent Mode in
that it enables a SonicWALL security appliance to share a common subnet across two
interfaces, and to perform stateful and deep-packet inspection on all traversing IP traffic, but it
is functionally more versatile.
In particular, L2 Bridge Mode employs a secure learning bridge architecture, enabling it to pass
and inspect traffic types that cannot be handled by many other methods of transparent security
appliance integration. Using L2 Bridge Mode, a SonicWALL security appliance can be
non-disruptively added to any Ethernet network to provide in-line deep-packet inspection for all
traversing IPv4 TCP and UDP traffic. In this scenario the SonicWALL UTM appliance is not
used for security enforcement, but instead for bidirectional scanning, blocking viruses and
spyware, and stopping intrusion attempts.
Unlike other transparent solutions, L2 Bridge Mode can pass all traffic types, including IEEE
802.1Q VLANs (on SonicWALL NSA appliances), Spanning Tree Protocol, multicast,
broadcast, and IPv6, ensuring that all network communications will continue uninterrupted.
Another aspect of the versatility of L2 Bridge Mode is that you can use it to configure IPS
Sniffer Mode. Supported on SonicWALL NSA series appliances, IPS Sniffer Mode uses a
single interface of a Bridge-Pair to monitor network traffic from a mirrored port on a switch. IPS
Sniffer Mode provides intrusion detection, but cannot block malicious traffic because the
SonicWALL security appliance is not connected inline with the traffic flow. For more information
about IPS Sniffer Mode, see “IPS Sniffer Mode” on page 214.
L2 Bridge Mode provides an ideal solution for networks that already have a firewall
and have no immediate plans to replace it, but wish to add the security
of SonicWALL Unified Threat Management (UTM) deep-packet inspection, such as Intrusion
Prevention Services, Gateway Anti Virus, and Gateway Anti Spyware. If you do not have
SonicWALL UTM security services subscriptions, you may sign up for free trials from the
Security Service > Summary page of your SonicWALL.