
Transparent (Bridge) mode

Hi team,

Can I configure MFE for Transparent mode when internal_network has two interfaces?

That means I use three interfaces in Bridge mode.

MFE device in this case: S1104.

7 Replies
mtuma
Level 13
Message 2 of 8

Re: Transparent (Bridge) mode

Hello,

I believed that three interfaces in a bridge were possible, but just to confirm, I searched and found this in the 8.3.2 Product Guide:

In transparent (bridged) mode, two or more firewall interfaces are connected inside a single network and bridged to form a transparent interface.

So yes, it is possible.

-Matt

Re: Transparent (Bridge) mode

Hi Mutuma,

Thanks for the reply.

I tried configuring three interfaces in bridge mode, and it saved OK.

However, only one interface in internal_network is working and connecting to external_network.

The version of my firewall is 8.3.1. I will upgrade to 8.3.2 and try again. I hope that it goes well.

mtuma
Level 13
Message 4 of 8

Re: Transparent (Bridge) mode

Hello,

While it is a good idea to run 8.3.2, I do not believe this will solve your problem. Do you have details about why the other interfaces are failing?

-Matt

Re: Transparent (Bridge) mode

Hi,

I tried with 8.3.2. It does not work.

By default, in transparent (bridged) mode, the members of the bridge group are the following interfaces:

     -  External_network

     -  Internal_network

I can choose more interfaces (e.g. internal_02, internal_03) in the bridge group. However, only the INTERNAL_NETWORK interface is connected to EXTERNAL (internet zone).

I captured my screen when switching from the INTERNAL_NETWORK interface to INTERNAL_02.

The policy is allow all.

mtuma
Level 13
Message 6 of 8

Re: Transparent (Bridge) mode

Hello,

Can you provide more information about it not working? Have you run any tcpdumps? Are there any messages in the audit?

-Matt

sliedl
Level 14
Message 7 of 8

Re: Transparent (Bridge) mode

You can use these commands to help you troubleshoot:

$> region

-- Shows you the zone numbers for each zone name.  The next commands only display the zone number from 'region.'

$> ifconfig bridge0 addr

-- Lists the addresses learned by the bridge and shows which interface in the bridge saw that IP/MAC combination

$> ifconfig bridge0 flush

-- Flushes all the learned addresses

$> ifconfig bridge0 maxaddr [size]

-- The default size is 100 entries in the bridge table.  You may or may not have to increase this someday.

$> arp -an

-- Shows your arp table

$> route -n get [IP address]

-- Shows which interface a packet would go out of if it is destined for [IP address]

You should call into Support if you do not know how to use all of these commands, along with tcpdump, to troubleshoot the connection.  Unless you are at the latest version of code, the audit will not be helpful for you here (the latest versions added audits to help diagnose bridge issues).

Re: Transparent (Bridge) mode

Hi Mtuma, Siedl

It worked when I ran the command:

$> ifconfig bridge0 flush

Thanks for support.
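
A generic learning-bridge model, added here as an illustration and not part of the original thread or of McAfee Firewall Enterprise: it shows how a learned-address table like the one `ifconfig bridge0 addr` lists can keep pointing at the old member interface after a host is moved, and how a flush forces relearning. The class, the MAC addresses and the rule that a full table stops learning new addresses are assumptions made for the example.

```python
# Generic learning-bridge model (added example; NOT McAfee Firewall Enterprise code).
from collections import OrderedDict


class LearningBridge:
    def __init__(self, members, maxaddr=100):
        self.members = list(members)
        self.maxaddr = maxaddr          # table cap, in the spirit of `ifconfig bridge0 maxaddr`
        self.table = OrderedDict()      # MAC -> member interface that last saw it

    def receive(self, src_mac, dst_mac, in_if):
        """Learn the source, then return the member interfaces the frame leaves on."""
        # Assumption: once the table is full, unknown sources are no longer learned.
        if src_mac in self.table or len(self.table) < self.maxaddr:
            self.table[src_mac] = in_if  # learn, or relearn after a host moves
        out_if = self.table.get(dst_mac)
        if out_if is None:               # unknown destination: flood to the other members
            return [m for m in self.members if m != in_if]
        return [] if out_if == in_if else [out_if]

    def flush(self):
        """Forget every learned address, in the spirit of `ifconfig bridge0 flush`."""
        self.table.clear()


def demo():
    # Constructed MACs (documentation range); interface names follow the thread.
    br = LearningBridge(["external", "internal_network", "internal_02"])
    host, gw = "00:00:5e:00:53:01", "00:00:5e:00:53:fe"
    results = {}
    br.receive(host, gw, "internal_network")   # host learned on internal_network
    br.receive(gw, host, "external")           # gateway learned on external
    # The host is re-cabled to internal_02 but has not sent a frame yet, so the
    # reply still goes to the old member and never reaches it.
    results["stale"] = br.receive(gw, host, "external")
    br.flush()
    # With the table empty the same frame is flooded and reaches internal_02.
    results["after_flush"] = br.receive(gw, host, "external")
    # The host's next frame is learned on its new member interface.
    results["relearned"] = (br.receive(host, gw, "internal_02"), br.table[host])
    return results


if __name__ == "__main__":
    for step, value in demo().items():
        print(step, value)
```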

