SonicWall Firewall Native Bridge Support
03/26/2020 
68 
13525
DESCRIPTION:
SonicOS 6.5 introduces Native Bridge Mode to support multiple bridges between the WLAN and other zones, and allows the WAN zone to be a native bridge host for bridging traffic to other zones. In Layer 2 bridging, if two hosts belong to the same subnet, a Layer 2 network device such as a SonicWall firewall can connect these two hosts. The network device bridges the packets from one host to another. This type of packet bridging works, for example, if the wireless interface and LAN ethernet interface are assigned to the same subnet.
Previous versions of SonicOS provide L2 Bridge and Portshield support to provide some extent of Layer 2 bridging among LAN, WAN and other applicable zones. TZ Wireless and SOHO Wireless appliances support the WLAN Layer2 bridge feature. However, the WLAN Layer 2 bridge feature permits clients connected to the TZ/SOHO internal wireless to share an IP subnet with only LAN and DMZ zones, and only one‐to‐one Layer2 bridging is supported. With Native Bridging, you can bridge multiple virtual WLAN interfaces and virtual LAN interfaces together, and bridge between more than just WLAN and LAN/DMZ zones
Only WLAN, DMZ, and LAN zone interfaces and unassigned interfaces are supported for Native Bridge mode. WAN zone interfaces are not allowed to join a Native Bridge as a member, but other interfaces can be native‐bridged to a WAN interface, making the WAN interface a Native Bridge host. The Native Bridge feature works with WLAN zones on TZ/SOHO Wireless appliances and on all SonicWall platforms with a SonicWave or SonicPoint wireless access point.
RESOLUTION:
A new IP Assignment is added to support this feature, called Native Bridge Mode. An interface placed into this mode becomes a Native Bridge member interface of the native bridge. The resulting bridge members and host work like a multi‐port bridge with full Layer 2 transparency, and all IP traffic that passes through can be configured to be, or not to be, subjected to full stateful and deep‐packet inspection. You can select Native Bridge Mode on a WLAN, DMZ, or LAN zone interface or on an unassigned interface. As this mode is a pure Layer 2 bridge scheme, after NativeBridge Mode is selected, the zone value of, for example, WLAN is changed to unassigned. This WLAN interface inherits the zone settings and IP settings of the native bridge host and becomes a native bridge member. You can configure IP Assignment to NativeBridge Mode when editing an interface in the Manage | Network | Interfaces
Network | Interfaces
Network | ARP
(Note: Under the Interface Configuration, Only if we tick the checkmark "Enable Firewalling with other Bridge Members", we will be able to see the traffic between the Bridged Pair hitting the firewall but from the Same Parent Interface)
Sample Packet Capture for ICMP (from behind X3 to behind W0):
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Email SecurityProtect against today’s advanced email threats
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
