

Bridge mode and bridging interface

Hi,

I'm a newbie in firewalls. Sorry for asking a basic-level question.

Are bridge mode and bridging interface the same?

Or, to bridge interfaces, should the firewall be in bridge mode?

Please give a use case scenario for bridging interfaces and bridge mode.

Thanks



This thread was automatically locked due to age.
  • You can set up a bridge interface over physical and virtual interfaces.

    Bridges enable you to configure transparent subnet gateways. You can create bridge interfaces with or without an IP address assigned to them.

    Sophos Firewall drops traffic related to bridge interfaces without an IP address if the traffic matches a firewall rule with web proxy filtering or if it matches a NAT rule. These dropped packets aren't logged. To prevent NAT rules from causing the traffic to drop, you need to specify the override source translation setting.

    To turn on routing on a bridge interface, you must assign an IP address to it. You can't turn on VLAN filtering on routed traffic.

    To allow traffic between bridged interfaces, you must create a firewall rule allowing traffic between the zones assigned to the interfaces. For example, for bridged interfaces configured with LAN zones, create a firewall rule to allow traffic from LAN to LAN.

    You can create bridge interfaces in the following setups:

    • Bridge over physical interfaces, such as ports and RED devices.
    • Bridge over virtual interfaces, such as VLANs and LAGs. The VLAN can be on a physical or virtual interface. It can also be on physical interfaces that are bridge members.

    You can turn on STP (Spanning Tree Protocol) to prevent bridge loops, which occur due to redundant paths. You can filter VLAN traffic passing through a bridge interface based on the VLAN IDs. Additionally, you can filter Ethernet frames based on the EtherTypes.

    Deploy in bridge mode

    Video : Sophos XG Bridge Mode

    -----------------------

    Thanks & Regards,

    Nilesh Mojidra

    If a post solves your question, use the 'Verify Answer' link.

  • FormerMember

    Hi,

    Thank you for reaching out to Sophos Community.

    Are bridge mode and bridging interface the same?

    These are 2 different terms used for Bridge mode/interface.

    Here is a simple example of bridge mode:

    Assume that you have a router/L3 switch/ISP router/3rd-party security device connected in your network environment which isn't possible to replace. By deploying XG Firewall in bridge mode, you can add security to your network without changing the existing network configuration.

    Click here to know more information on 'Bridge interfaces'.

    Click here to know more information on 'Add a bridge interface'.

  • Hi

    Thanks for the reply.

    Is bridge mode the same as transparent?

    In a real-case scenario, when do I need to bridge two interfaces?

    Thanks

  • Hi,

    If you have a larger number of users or very high load from a device; in reality, for home use, not really.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to be installed - v21 GA

  • Hi,

    Thanks for the reply.

    Could you please brief me on whether a large number of users and bridging interface have any relation?

    Thanks

  • Depends on the size of the XG hardware you are running. 200 on a segment would be a very busy segment, so you might split the users of 2 or 3 segments (interfaces) to share common resources like printers, VoIP servers, etc.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to be installed - v21 GA