Network > Interfaces
191
SonicOS 5.8.1 Administrator Guide
does not preclude an interface from conventional behavior; for example, if X1 is configured
as a Primary Bridge Interface paired to X3 as a Secondary Bridge Interface, X1 can
simultaneously operate in its traditional role as the Primary WAN, performing NAT for
Internet-bound traffic through the Auto-added X1 Default NAT Policy.
Primary Bridge Interface – A designation that is assigned to an interface once a
Secondary Bridge Interface has been paired to it. A Primary Bridge Interface can belong to
an Untrusted (WAN), Trusted (LAN), or Public (DMZ) zone.
Secondary Bridge Interface – A designation that is assigned to an interface whose IP
Assignment has been configured for Layer 2 Bridge Mode. A Secondary Bridge Interface
can belong to a Trusted (LAN), or Public (DMZ) zone.
Bridge Management Address – The address of the Primary Bridge Interface is shared by
both interfaces of the Bridge-Pair. If the Primary Bridge Interface also happens to be the
Primary WAN interface, it is this address that is used for outbound communications by the
SonicWALL, such as NTP and License Manager updates. Hosts that are connected to
either segment of the Bridge-Pair may also use the Bridge Management Address as their
gateway, as will be common in Mixed-Mode deployments.
Bridge-Partner – The term used to refer to the ‘other’ member of a Bridge-Pair.
Non-IPv4 Traffic – SonicOS Enhanced supports the following IP protocol types: ICMP (1),
IGMP (2), TCP (6), UDP (17), GRE (47), ESP (50), AH (51), EIGRP (88), OSPF (89),
PIM-SM (103), L2TP (115). More esoteric IP types, such as Combat Radio Transport Protocol
(126), are not natively handled by the SonicWALL, nor are non-IPv4 traffic types such as
IPX or (currently) IPv6. L2 Bridge Mode can be configured to either pass or drop Non-IPv4
traffic.
Captive-Bridge Mode – This optional mode of L2 Bridge operation prevents traffic that has
entered an L2 bridge from being forwarded to a non-Bridge-Pair interface. By default, L2
Bridge logic will forward traffic that has entered the L2 Bridge to its destination along the
most optimal path as determined by ARP and routing tables. In some cases, the most
optimal path might involve routing or NATing to a non-Bridge-Pair interface. Activating
Captive-Bridge mode ensures that traffic which enters an L2 Bridge exits the L2 Bridge
rather than taking its most logically optimal path. In general, this mode of operation is only
required in complex networks with redundant paths, where strict path adherence is
required. Captive-Bridge Mode is enabled by selecting the Never route traffic on this
bridge-pair checkbox on the Edit Interface window.
Pure L2 Bridge Topology – Refers to deployments where the SonicWALL will be used
strictly in L2 Bridge Mode for the purposes of providing in-line security to a network. This
means that all traffic entering one side of the Bridge-Pair will be bound for the other side,
and will not be routed/NATed through a different interface. This will be common in cases
where there is an existing perimeter security appliance, or where in-line security is desired
along some path (for example, inter-departmentally, or on a trunked link between two
switches) of an existing network. Pure L2 Bridge Topology is not a functional limitation, but
rather a topological description of a common deployment in heterogeneous environments.
Mixed-Mode Topology – Refers to deployments where the Bridge-Pair will not be the only
point of ingress/egress through the SonicWALL. This means that traffic entering one side
of the Bridge-Pair may be destined to be routed/NATed through a different interface. This
will be common when the SonicWALL is simultaneously used to provide security to one or
more Bridge-Pairs while also providing:
Perimeter security, such as WAN connectivity, to hosts on the Bridge-Pair or on other
interfaces.
Firewall and Security services to additional segments, such as Trusted (LAN) or Public
(DMZ) interfaces, where communications will occur between hosts on those segments
and hosts on the Bridge-Pair.