Network > Interfaces
SonicOS 5.8.1 Administrator Guide
The WAN interface of the SonicWALL is used to connect to the SonicWALL Data Center for
signature updates or other data.
In IPS Sniffer Mode, a Layer 2 Bridge is configured between two interfaces in the same zone
on the SonicWALL, such as LAN-LAN or DMZ-DMZ. You can also create a custom zone to use
for the Layer 2 Bridge. The WAN zone is the only zone that is not appropriate for IPS Sniffer
Mode. This is because SonicOS detects all signatures on traffic within the same zone, such
as LAN-LAN traffic, but some direction-specific (client-side versus server-side) signatures do
not apply to some LAN-WAN cases.
Either interface of the Layer 2 Bridge can be connected to the mirrored port on the switch. As
network traffic traverses the switch, the traffic is also sent to the mirrored port and from there
into the SonicWALL for deep packet inspection. Malicious events trigger alerts and log entries,
and if SNMP is enabled, SNMP traps are sent to the configured IP address of the SNMP
manager system. The traffic does not actually continue to the other interface of the Layer 2
Bridge. IPS Sniffer Mode does not place the SonicWALL appliance inline with the network
traffic; it only provides a way to inspect the traffic.
The Edit Interfaces screen available from the Network > Interfaces page provides a new
checkbox called Only sniff traffic on this bridge-pair for use when configuring IPS Sniffer
Mode. When selected, this checkbox causes the SonicWALL to inspect all packets that arrive
on the L2 Bridge from the mirrored switch port. The Never route traffic on this bridge-pair
[Figure labels: E7500; WAN Port; Data Center Access; Main; Mirrored Data; Gateway]