- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
SonicWall Firewall Native Bridge Support
03/26/2020 
84 People found this article helpful
44,837 Views
Description
SonicOS 6.5 introduces Native Bridge Mode to support multiple bridges between the WLAN and other zones, and allows the WAN zone to be a native bridge host for bridging traffic to other zones. In Layer 2 bridging, if two hosts belong to the same subnet, a Layer 2 network device such as a SonicWall firewall can connect these two hosts. The network device bridges the packets from one host to another. This type of packet bridging works, for example, if the wireless interface and LAN ethernet interface are assigned to the same subnet.
Previous versions of SonicOS provide L2 Bridge and Portshield support to provide some extent of Layer 2 bridging among LAN, WAN and other applicable zones. TZ Wireless and SOHO Wireless appliances support the WLAN Layer2 bridge feature. However, the WLAN Layer 2 bridge feature permits clients connected to the TZ/SOHO internal wireless to share an IP subnet with only LAN and DMZ zones, and only one‐to‐one Layer2 bridging is supported. With Native Bridging, you can bridge multiple virtual WLAN interfaces and virtual LAN interfaces together, and bridge between more than just WLAN and LAN/DMZ zones
Only WLAN, DMZ, and LAN zone interfaces and unassigned interfaces are supported for Native Bridge mode. WAN zone interfaces are not allowed to join a Native Bridge as a member, but other interfaces can be native‐bridged to a WAN interface, making the WAN interface a Native Bridge host. The Native Bridge feature works with WLAN zones on TZ/SOHO Wireless appliances and on all SonicWall platforms with a SonicWave or SonicPoint wireless access point.
Resolution
A new IP Assignment is added to support this feature, called Native Bridge Mode. An interface placed into this mode becomes a Native Bridge member interface of the native bridge. The resulting bridge members and host work like a multi‐port bridge with full Layer 2 transparency, and all IP traffic that passes through can be configured to be, or not to be, subjected to full stateful and deep‐packet inspection. You can select Native Bridge Mode on a WLAN, DMZ, or LAN zone interface or on an unassigned interface. As this mode is a pure Layer 2 bridge scheme, after NativeBridge Mode is selected, the zone value of, for example, WLAN is changed to unassigned. This WLAN interface inherits the zone settings and IP settings of the native bridge host and becomes a native bridge member. You can configure IP Assignment to NativeBridge Mode when editing an interface in the Manage | Network | Interfaces
Network | Interfaces
Network | ARP
(Note: Under the Interface Configuration, Only if we tick the checkmark "Enable Firewalling with other Bridge Members", we will be able to see the traffic between the Bridged Pair hitting the firewall but from the Same Parent Interface)
Sample Packet Capture for ICMP (from behind X3 to behind W0):
Related Articles
- How to force an update of the Security Services Signatures from the Firewall GUI
- How to upload security services signatures manually on Closed Environments?
- How to Create Gen 7 Settings File by Using the Online Migration Tool
Categories
- Firewalls > TZ Series > Firmware
- Firewalls > SonicWall NSA Series > Networking
- Firewalls > TZ Series > Networking
YES
NO