Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 40 subscribers
  • Views 5931 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Bridge mode and bridging interface

Sims Ma

Hi,

I'm a newbie in firewall.sorry for asking a basic level question

Bridge mode and bridging interface are same?

Or to bridge interface firewall should be in bridge mode

Please.give a use case scenario  for bridging interfaces and bridge mode

Thanks 



This thread was automatically locked due to age.
Parents
  • 0

    You can set up a bridge interface over physical and virtual interfaces.

    Bridges enable you to configure transparent subnet gateways. You can create bridge interfaces with or without an IP address assigned to them.

    Sophos Firewall drops traffic related to bridge interfaces without an IP address if the traffic matches a firewall rule with web proxy filtering or if it matches a NAT rule. These dropped packets aren't logged. To prevent NAT rules from causing the traffic to drop, you need to specify the override source translation setting.

    To turn on routing on a bridge interface, you must assign an IP address to it. You can't turn on VLAN filtering on routed traffic.

    To allow traffic between bridged interfaces, you must create a firewall rule allowing traffic between the zones assigned to the interfaces. For example, for bridged interfaces configured with LAN zones, create a firewall rule to allow traffic from LAN to LAN.

    You can create bridge interfaces in the following setups:

    • Bridge over physical interfaces, such as ports and RED devices.
    • Bridge over virtual interfaces, such as VLANs and LAGs. The VLAN can be on a physical or virtual interface. It can also be on physical interfaces that are bridge members.

    You can turn on STP (Spanning Tree Protocol) to prevent bridge loops, which occur due to redundant paths. You can filter VLAN traffic passing through a bridge interface based on the VLAN IDs. Additionally, you can filter Ethernet frames based on the EtherTypes.

    Deploy in bridge mode

    Video : Sophos XG Bridge Mode

    -----------------------

    Thank & Regards,

    Nilesh Mojidra

    If a post solves your question, use the 'Verify Answer' link.

Reply
  • 0

    You can set up a bridge interface over physical and virtual interfaces.

    Bridges enable you to configure transparent subnet gateways. You can create bridge interfaces with or without an IP address assigned to them.

    Sophos Firewall drops traffic related to bridge interfaces without an IP address if the traffic matches a firewall rule with web proxy filtering or if it matches a NAT rule. These dropped packets aren't logged. To prevent NAT rules from causing the traffic to drop, you need to specify the override source translation setting.

    To turn on routing on a bridge interface, you must assign an IP address to it. You can't turn on VLAN filtering on routed traffic.

    To allow traffic between bridged interfaces, you must create a firewall rule allowing traffic between the zones assigned to the interfaces. For example, for bridged interfaces configured with LAN zones, create a firewall rule to allow traffic from LAN to LAN.

    You can create bridge interfaces in the following setups:

    • Bridge over physical interfaces, such as ports and RED devices.
    • Bridge over virtual interfaces, such as VLANs and LAGs. The VLAN can be on a physical or virtual interface. It can also be on physical interfaces that are bridge members.

    You can turn on STP (Spanning Tree Protocol) to prevent bridge loops, which occur due to redundant paths. You can filter VLAN traffic passing through a bridge interface based on the VLAN IDs. Additionally, you can filter Ethernet frames based on the EtherTypes.

    Deploy in bridge mode

    Video : Sophos XG Bridge Mode

    -----------------------

    Thank & Regards,

    Nilesh Mojidra

    If a post solves your question, use the 'Verify Answer' link.

Children
No Data
Unfiltered HTML