Configuring Interfaces in Transparent IP Mode (Splice L3 Subnet)

03/26/2020 259 People found this article helpful 192,902 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

Transparent Mode enables the SonicWall security appliance to bridge the WAN subnet onto an internal interface. It requires valid IP addresses for all computers connected to the interface in Transparent Mode on your network, but allows remote access to authenticated users. You can use an interface in Transparent mode for public servers and devices with static IP addresses you want visible outside your SonicWall security appliance-protected network.

For more information about Transparent Mode vs L2 Bridge see KB 170504277832289 - Comparison of L2 Bridge Mode to Transparent Mode

Resolution

To configure an interface for transparent mode:

1. Click on the Configure icon in the Configure column for the Unassigned Interface you want to configure. The Edit Interface dialog displays.
2. Select an interface
   • If you select a configurable interface, select LAN or DMZ for Zone.
   • If you want to create a new zone for the configurable interface, select Create a new zone Public or Local Zone. For more information see KB 170503641320709 - How to create a custom Zone
3.  Select Transparent IP Mode (Spice L3 Subnet) from the Mode / IP Assignment drop-down menu.
4. From the Transparent Range drop-down menu, select an address object that contains the range of IP addresses you want to have access through this interface. The address range must be within an internal zone, such as LAN, DMZ, or another trusted or public zone matching the zone used for the internal transparent interface. If you do not have an address object configured that meets your needs, perform the following:
   a) In the Transparent Range menu, select Create New Address Object. The Add Address Object dialog displays.
   b) In the Name field, enter a friendly name for the address range.
   c) For Zone Assignment, select an internal zone, such as LAN, DMZ, or another trusted/public zone. The range must not include the WAN nor LAN interface IP address.
   d) For Type, select:
   
   • Select Host if you want only one network device to connect to this interface.
   • Select Range to specify a range of IP addresses by entering beginning and ending value of the range.
   • Select Network to specify a subnet by entering the beginning value and the subnet mask. The subnet must be within the WAN address range and cannot include the WAN interface IP address
   
   e) In the IP Address field, enter the IP address of the host, the beginning and ending address of the range, or the IP address and subnet mask of the network.
   f) Click OK to create the address object and return to the Edit Interface window
5. Enter any optional comment text in the Comment field. This text is displayed in the Comment column of the Interface table.
6. If you want to enable remote management of the SonicWall security appliance from this interface, from the Management options, select one or more of the supported management protocol(s): HTTPS, Ping, SNMP, SSH.
   

   NOTE: To allow access to the WAN interface for management from another zone on the same appliance, access rules must be created.  

7. If you want to allow selected users with limited management rights to log directly into the security appliance through this interface, select HTTP and/or HTTPS in User Login.
8. (Optional) If you selected HTTPS, to have users redirected from HTTP to HTTPS, select Add rule to enable redirect from HTTP to HTTPS.
9. Click OK.

Related Articles

• Bandwidth usage and tracking in SonicWall
• How to force an update of the Security Services Signatures from the Firewall GUI
• Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

Categories

• Firewalls > TZ Series > Networking
• Firewalls > SonicWall NSA Series > Networking
• Firewalls > NSa Series > Networking