Network > Interfaces
258
SonicOS 5.8.1 Administrator Guide
VPN Integration with Layer 2 Bridge Mode
When configuring a VPN on an interface that is also configured for Layer 2 Bridge mode, you
must configure an additional route to ensure that incoming VPN traffic properly traverses the
SonicWALL security appliance. Navigate to the Network > Routing page, scroll to the bottom
of the page, and click on the Add button. In the Add Route Policy window, configure the route
as follows:
• Source: ANY
• Destination: custom-VPN-address-object (This is the address object for the local VPN
tunnel IP address range.)
• Service: ANY
• Gateway: 0.0.0.0
• Interface: X0
Configuring IPS Sniffer Mode
To configure the SonicWALL NSA appliance for IPS Sniffer Mode, you will use two interfaces
in the same zone for the L2 Bridge-Pair. You can use any interfaces except the WAN interface.
For this example, we will use X2 and X3 for the Bridge-Pair, and configure them to be in the
LAN zone. The WAN interface (X1) is used by the SonicWALL appliance for access to the
SonicWALL Data Center as needed. The mirrored port on the switch will connect to one of the
interfaces in the Bridge-Pair.
This section contains the following topics:
• “Configuration Task List for IPS Sniffer Mode” on page 258
• “Configuring the Primary Bridge Interface” on page 259
• “Configuring the Secondary Bridge Interface” on page 259
• “Enabling and Configuring SNMP” on page 260
• “Configuring Security Services (Unified Threat Management)” on page 262
• “Configuring Logging” on page 262
• “Connecting the Mirrored Switch Port to a IPS Sniffer Mode Interface” on page 262
• “Connecting and Configuring the WAN Interface to the Data Center” on page 262
Configuration Task List for IPS Sniffer Mode
• Configure the Primary Bridge Interface
  – Select LAN as the Zone for the Primary Bridge Interface
  – Assign a static IP address
• Configure the Secondary Bridge Interface
  – Select LAN as the Zone for the Secondary Bridge Interface
  – Enable the L2 Bridge to the Primary Bridge interface
• Enable SNMP and configure the IP address of the SNMP manager system where traps can
be sent
• Configure Security Services (UTM) for LAN traffic
• Configure logging alert settings to “Alert” or below