SonicWALL 5.8.1 Manuale Utente

Security services directionality would be classified as Outgoing for traffic from the 
Workstations to the Server since the traffic would have a Trusted source zone and a 
Public destination zone. This might be sub-optimal since it would provide less scrutiny 
than the Incoming or (ideally) Trust classifications. 

Security services directionality would be classified as Trust, and all signatures (Incoming, 
Outgoing, and Bidirectional) will be applied, providing the highest level of security to/from 
both segments.

For detailed instructions on configuring interfaces in Layer 2 Bridge Mode, see 

This method is appropriate in networks where both High Availability and Layer 2 Bridge Mode 
are desired. This example is for SonicWALL NSA series appliances, and assumes the use of 
switches with VLANs configured.

The SonicWALL HA pair consists of two SonicWALL NSA 3500 appliances, connected together 
on port X5, the designated HA port. Port X1 on each appliance is configured for normal WAN 
connectivity and is used for access to the management interface of that device. Layer 2 Bridge 
Mode is implemented with port X0 bridged to port X2.

Core
Switch - HP 100z

Edge
Switch - HP 3500yl

HP ProCurve
Switch

Server

Third-party Firewall

Third-party Firewall

D24

C24

Port 24

Port 23

VLAN 100 

Tagged

VLAN 100 172.27.100./21
VLAN 200 172.27.200./21
IP Routing Enabled
VLAN 100 tagged on ports 
   C2-1 and D2-1
VLAN 200 used to test routing 
   status during failover

NSA 3500 HA Pair
Layer 2 Bridge Mode
X0 bridged to X2
X1 left as WAN with 
   management
IP address to access UI

VLAN 100 - tagged on ports
   23 and 24

VLAN 100 172.27.100.20/24

X5 HA Link