7 Replies Latest reply on May 23, 2014 3:24 AM by stonewall

    Transparent (Bridge) mode

    stonewall

      Hi team,

      Can I configure MFE for Transparent mode when internal_network has two interfaces?

      That means I use three interfaces in Bridge mode.

      MFE device in this case: S1104.

        • 1. Re: Transparent (Bridge) mode

          Hello,

           

          I believed that three interfaces in a bridge were possible, but just to confirm, I searched and found this in the 8.3.2 Product Guide:

           

          In transparent (bridged) mode, two or more firewall interfaces are connected inside a single network and bridged to form a transparent interface.

           

          So yes, it is possible.

           

          -Matt

          • 2. Re: Transparent (Bridge) mode
            stonewall

            Hi Mutuma,

            Thanks for the reply.

            I tried configuring three interfaces in bridge mode; it saved OK.

            However, only one interface in internal_network is working and connecting to external_network.

            The version of my firewall is 8.3.1. I will upgrade to 8.3.2 and try again. I hope that it does well.

            • 3. Re: Transparent (Bridge) mode

              Hello,

               

              While it is a good idea to run 8.3.2, I do not believe this will solve your problem. Do you have details about why the other interfaces are failing?

               

              -Matt

              • 4. Re: Transparent (Bridge) mode
                stonewall

                Hi,

                 

                I tried with 8.3.2. It does not work.

                By default, in transparent (bridged) mode, the members of the bridge group are the following interfaces:

                     -  External_network

                     -  Internal_network

                I can choose more interfaces (e.g. internal_02, internal_03) for the bridge group. However, only the INTERNAL_NETWORK interface is connected to EXTERNAL (internet zone).

                I captured my screen when switching from the INTERNAL_NETWORK interface to INTERNAL_02.

                The policy is allow All.

                • 5. Re: Transparent (Bridge) mode

                  Hello,

                   

                  Can you provide more information about it not working? Have you run any tcpdumps? Are there any messages in the audit?

                   

                  -Matt

                  • 6. Re: Transparent (Bridge) mode
                    sliedl

                    You can use these commands to help you troubleshoot:

                     

                    $> region

                    -- Shows you the zone numbers for each zone name.  The next commands only display the zone number from 'region.'

                     

                    $> ifconfig bridge0 addr

                    -- Lists the addresses learned by the bridge and shows which interface in the bridge saw that IP/MAC combination

                     

                    $> ifconfig bridge0 flush

                    -- Flushes all the learned addresses

                     

                    $> ifconfig bridge0 maxaddr [size]

                    -- The default size is 100 entries in the bridge table.  You may or may not have to increase this someday.

                     

                    $> arp -an

                    -- Shows your arp table

                     

                    $> route -n get [IP address]

                    -- Shows which interface a packet would go out of if it is destined for [IP address]

                     

                    You should call into Support if you do not know how to use all of these commands, along with tcpdump, to troubleshoot the connection.  Unless you are at the latest version of code, the audit will not be helpful for you here (the latest versions added audits to help diagnose bridge issues).

                    • 7. Re: Transparent (Bridge) mode
                      stonewall

                      Hi Mtuma, Siedl

                       

                      It worked when I ran the command:

                      $> ifconfig bridge0 flush

                       

                      Thanks for the support.