While Transparent Mode allows a security appliance running SonicOS Enhanced to be
introduced into an existing network without the need for re-addressing, it presents a certain
level of disruptiveness, particularly with regard to ARP, VLAN support, multiple subnets, and
non-IPv4 traffic types. Consider the diagram below, in a scenario where a Transparent Mode
SonicWALL appliance has just been added to the network with a goal of minimally disruptive
integration, particularly:

•

Negligible or no unscheduled downtime

•

No need to re-address any portion of the network

•

No need reconfigure or otherwise modify the gateway router (as is common when the router
is owned by the ISP)

ARP in Transparent Mode

ARP – Address Resolution Protocol (the mechanism by which unique hardware addresses on
network interface cards are associated to IP addresses) is proxied in Transparent Mode. If the
Workstation on Server on the left had previously resolved the Router (192.168.0.1) to its MAC
address 00:99:10:10:10:10, this cached ARP entry would have to be cleared before these hosts
could communicate through the SonicWALL. This is because the SonicWALL proxies (or
answers on behalf of) the gateway’s IP (192.168.0.1) for hosts connected to interfaces
operating in Transparent Mode. So when the Workstation at the left attempts to resolve
192.168.0.1, the ARP request it sends is responded to by the SonicWALL with its own X0 MAC
address (00:06:B1:10:10:10).

The SonicWALL also proxy ARPs the IP addresses specified in the Transparent Range
(192.168.0.100 to 192.168.0.250) assigned to an interface in Transparent Mode for ARP
requests received on the X1 (Primary WAN) interface. If the Router had previously resolved the
Server (192.168.0.100) to its MAC address 00:AA:BB:CC:DD:EE, this cached ARP entry would
have to be cleared before the router could communicate with the host through the SonicWALL.
This typically requires a flushing of the router’s ARP cache either from its management