8 Replies Latest reply on Jan 30, 2012 2:41 AM by asabban

    Transparent Bridge Mode

      What are the correct settings for Transparent Bridge mode?

      I have a MGW that I want to physically place between a router (Default gateway) and a Firewall;

       

      Network =>> 192.168.X.0/24  Router  ==>>(eth0) MGW (eth1) ==>> 192.168.254.0/24 ==>> Firewall ==>>Cloud/Inet

      several Subnets fill the spot of X

       

      What would be the configuration Settings , under Proxies;

      Transparent Bridge - Port redirects

      Director Priority

      Management IP

      Should I have HTTP Proxy enabled, if so what settings

       

       

      In static routes do I need to put intries for each of my subnets on the network side?

       

      as for eth0 and eth1 which Default gateway do I use?

        • 1. Re: Transparent Bridge Mode

          I've attached a document with screenshots of the settings I use when I setup Transparent Bridge mode.

          It should give you some idea of what to set on yours.

           

          The only thing I don't have are the static routes. Yes, I think you would need them for the 192.168.X networks to point back to your router.

           

           

           

          Message was edited by: Erik Elsasser on 9/23/10 9:08:34 PM CDT
          • 2. Re: Transparent Bridge Mode
            ittech

            Erik, how did you get the ibr0 to show up in your Network Interface Settings?

             

            I am trying to prep our MWG7 for Transparent Bridge Mode and I just want to get as much done now as possible. Does it have anything to do with me not changing the Network Setup from Proxy to Transparent bridge?

             

            Thanks!

            • 3. Re: Transparent Bridge Mode
              ittech

              In case anybody else has the same problem, the reason my bridge didn't show up was...

               

              It has to be named "ibr0", not "bridge01" like my attempt

              • 4. Re: Transparent Bridge Mode
                smalldog

                Hi Ittech, i can not see ibr0 to enable (see attach). Can you help me, thanks!

                Edit: that fixed!

                 

                Message was edited by: smalldog on 5/18/11 4:56:52 AM CDT
                • 5. Re: Transparent Bridge Mode
                  michael_schneider

                  Hello,

                   

                  you need to select 2 interfaces from your 4. For both, you need to enabled the bridge by checking "Bridge enabled". As name for both you enter ibr0 and save. You will be logged out and the box will reboot. Afterwards the bridge is created. You should make sure that you are accessing the box over a 3rd interface which is not part of the bridge as the IPs of the two interfaces will be removed.

                   

                  thanks,

                  Michael

                  • 6. Re: Transparent Bridge Mode
                    smalldog

                    Thanks Michael, i got it

                    • 7. Re: Transparent Bridge Mode

                      If I understand it correctly, atleast four interfaces are required, two of those combined to form a Bridge interface. Now when a request is sent from external cloud to an internal webserver (Reverse proxy implemented in Transparent mode), Webwahser will intercept it before passing it on to the webserver. This implementation won't work if you have only two ports on webwahser appliance. Right?

                      transparent mode.bmp

                      I guess that in this case, I don't need to change my DNS entries to point to webwahser's IP address instead of webserver's as was the case in reverse proxy in explixit proxy mode.

                      • 8. Re: Transparent Bridge Mode
                        asabban

                        Hello,

                         

                        I don´t see why you would need 4 interfaces. I also do not really understand why you use a bridge interface for the management console? Maybe you can explain a bit more.

                         

                        Usually two interfaces should be enough:

                         

                        eth0 and eth1 combined to ibr0. You can add an IP address to ibr0 which can be used by MWG to talk to the Web Servers and to access the Web GUI. You can of course use additional interfaces like eth2 for MWG to talk to the Web Servers and eth3, but that is optional.

                         

                        Best,

                        Andre