SonicWALL 5.8.1 Manuale Utente
Network > Interfaces
199
SonicOS 5.8.1 Administrator Guide
Benefits of Transparent Mode over L2 Bridge Mode
The following are circumstances in which Transparent Mode might be preferable over L2 Bridge
Mode:
Mode:
•
Two interfaces are the maximum allowed in an L2 Bridge Pair. If more than two interfaces
are required to operate on the same subnet, Transparent Mode should be considered.
are required to operate on the same subnet, Transparent Mode should be considered.
•
PortShield interface may not operate within an L2 Bridge Pair. If PortShield interfaces are
required to operate on the same subnet, Transparent Mode should be considered.
required to operate on the same subnet, Transparent Mode should be considered.
•
VLAN subinterfaces, supported on SonicWALL NSA series appliances, may not operate
within an L2 Bridge Pair. If VLAN subinterfaces are required to operate on the same subnet,
Transparent Mode should be considered. It is, however, possible to configure a VLAN
subinterface on an interface that is part of a Bridge-Pair; the subinterface will simply
operate independently on the Bridge-Pair in every respect.
within an L2 Bridge Pair. If VLAN subinterfaces are required to operate on the same subnet,
Transparent Mode should be considered. It is, however, possible to configure a VLAN
subinterface on an interface that is part of a Bridge-Pair; the subinterface will simply
operate independently on the Bridge-Pair in every respect.
Comparing L2 Bridge Mode to the CSM Appliance
L2 Bridge Mode is more similar in function to the CSM than it is to Transparent Mode, but it
differs from the current CSM behavior in that it handles VLANs and non-IPv4 traffic types, which
the CSM does not. Future versions of the SonicOS CF Software for the CSM will likely adopt
the more versatile traffic handling capabilities of L2 Bridge Mode.
differs from the current CSM behavior in that it handles VLANs and non-IPv4 traffic types, which
the CSM does not. Future versions of the SonicOS CF Software for the CSM will likely adopt
the more versatile traffic handling capabilities of L2 Bridge Mode.
Stateful Packet
Inspection
Inspection
Full stateful packet inspection will be
applied to all IPv4 traffic traversing the L2
Bridge for all subnets, including VLAN traffic
on SonicWALL NSA series appliances.
applied to all IPv4 traffic traversing the L2
Bridge for all subnets, including VLAN traffic
on SonicWALL NSA series appliances.
Full stateful packet inspection will applied
to traffic from/to the subnets defined by
Transparent Mode Address Object
assignment.
to traffic from/to the subnets defined by
Transparent Mode Address Object
assignment.
Security services
All security services (GAV, IPS, Anti-Spy,
CFS) are fully supported. All regular IP
traffic, as well as all 802.1Q encapsulated
VLAN traffic.
CFS) are fully supported. All regular IP
traffic, as well as all 802.1Q encapsulated
VLAN traffic.
All security services (GAV, IPS, Anti-Spy,
CFS) are fully supported from/to the
subnets defined by Transparent Mode
Address Object assignment.
CFS) are fully supported from/to the
subnets defined by Transparent Mode
Address Object assignment.
Broadcast traffic
Broadcast traffic is passed from the
receiving Bridge-Pair interface to the
Bridge-Partner interface.
receiving Bridge-Pair interface to the
Bridge-Partner interface.
Broadcast traffic is dropped and logged,
with the possible exception of NetBIOS
which can be handled by IP Helper.
with the possible exception of NetBIOS
which can be handled by IP Helper.
Multicast traffic
Multicast traffic is inspected and passed
across L2 Bridge-Pairs providing Multicast
has been activated on the Firewall >
Multicast page. It is not dependent upon
IGMP messaging, nor is it necessary to
enable multicast support on the individual
interfaces.
across L2 Bridge-Pairs providing Multicast
has been activated on the Firewall >
Multicast page. It is not dependent upon
IGMP messaging, nor is it necessary to
enable multicast support on the individual
interfaces.
Multicast traffic, with IGMP dependency, is
inspected and passed by Transparent
Mode providing Multicast has been
activated on the Firewall > Multicast page,
and multicast support has been enabled on
the relevant interfaces.
inspected and passed by Transparent
Mode providing Multicast has been
activated on the Firewall > Multicast page,
and multicast support has been enabled on
the relevant interfaces.