Справочник Пользователя для SonicWALL 5.8.1
Network > Interfaces
258
SonicOS 5.8.1 Administrator Guide
VPN Integration with Layer 2 Bridge Mode
When configuring a VPN on an interface that is also configured for Layer 2 Bridge mode, you
must configure an additional route to ensure that incoming VPN traffic properly traverses the
SonicWALL security appliance. Navigate to the Network > Routing page, scroll to the bottom
of the page, and click on the Add button. In the Add Route Policy window, configure the route
as follows:
must configure an additional route to ensure that incoming VPN traffic properly traverses the
SonicWALL security appliance. Navigate to the Network > Routing page, scroll to the bottom
of the page, and click on the Add button. In the Add Route Policy window, configure the route
as follows:
•
Source: ANY
•
Destination: custom-VPN-address-object (This is the address object for the local VPN
tunnel IP address range.)
tunnel IP address range.)
•
Service: ANY
•
Gateway: 0.0.0.0
•
Interface: X0
Configuring IPS Sniffer Mode
To configure the SonicWALL NSA appliance for IPS Sniffer Mode, you will use two interfaces
in the same zone for the L2 Bridge-Pair. You can use any interfaces except the WAN interface.
For this example, we will use X2 and X3 for the Bridge-Pair, and configure them to be in the
LAN zone. The WAN interface (X1) is used by the SonicWALL appliance for access to the
SonicWALL Data Center as needed. The mirrored port on the switch will connect to one of the
interfaces in the Bridge-Pair.
in the same zone for the L2 Bridge-Pair. You can use any interfaces except the WAN interface.
For this example, we will use X2 and X3 for the Bridge-Pair, and configure them to be in the
LAN zone. The WAN interface (X1) is used by the SonicWALL appliance for access to the
SonicWALL Data Center as needed. The mirrored port on the switch will connect to one of the
interfaces in the Bridge-Pair.
This section contains the following topics:
•
•
•
•
•
•
•
•
Configuration Task List for IPS Sniffer Mode
•
Configure the Primary Bridge Interface
–
Select LAN as the Zone for the Primary Bridge Interface
–
Assign a static IP address
•
Configure the Secondary Bridge Interface
–
Select LAN as the Zone for the Secondary Bridge Interface
–
Enable the L2 Bridge to the Primary Bridge interface
•
Enable SNMP and configure the IP address of the SNMP manager system where traps can
be sent
be sent
•
Configure Security Services (UTM) for LAN traffic
•
Configure logging alert settings to “Alert” or below