Network > Interfaces
SonicOS 5.8.1 Administrator Guide
b. Security services directionality would be classified as Outgoing for traffic from the
Workstations to the Server since the traffic would have a Trusted source zone and a
Public destination zone. This might be sub-optimal since it would provide less scrutiny
than the Incoming or (ideally) Trust classifications.
• Security services directionality would be classified as Trust, and all signatures (Incoming,
Outgoing, and Bidirectional) will be applied, providing the highest level of security to/from
both segments.
For detailed instructions on configuring interfaces in Layer 2 Bridge Mode, see “Configuring Layer 2 Bridge Mode” on page 247.
Layer 2 Bridge Mode with High Availability
This method is appropriate in networks where both High Availability and Layer 2 Bridge Mode
are desired. This example is for SonicWALL NSA series appliances, and assumes the use of
switches with VLANs configured.
The SonicWALL HA pair consists of two SonicWALL NSA 3500 appliances, connected together
on port X5, the designated HA port. Port X1 on each appliance is configured for normal WAN
connectivity and is used for access to the management interface of that device. Layer 2 Bridge
Mode is implemented with port X0 bridged to port X2.
[Figure: Layer 2 Bridge Mode with High Availability topology. Diagram labels:
Devices: Core Switch - HP 100z; Edge Switch - HP 3500yl; HP ProCurve Switch; Server; two third-party firewalls; NSA 3500 HA Pair.
Ports: D24, C24, Port 24, Port 23.
Switch notes: VLAN 100 Tagged; VLAN 100 172.27.100./21; VLAN 200 172.27.200./21; IP Routing Enabled; VLAN 100 tagged on ports C2-1 and D2-1; VLAN 200 used to test routing status during failover; VLAN 100 - tagged on ports 23 and 24; VLAN 100 172.27.100.20/24.
NSA 3500 HA Pair notes: Layer 2 Bridge Mode, X0 bridged to X2; X1 left as WAN with management IP address to access UI; X5 HA Link.]