SonicWall Firewall Native Bridge Support
06/01/2023
Description
SonicOS 6.5 and above introduce Native Bridge Mode to support multiple bridges between the WLAN and other zones, and allow the WAN zone to be a native bridge host for bridging traffic to other zones. In Layer 2 bridging, if two hosts belong to the same subnet, a Layer 2 network device such as a SonicWall firewall can connect these two hosts. The network device bridges the packets from one host to another. This type of packet bridging works, for example, if the wireless interface and LAN Ethernet interface are assigned to the same subnet.
Previous versions of SonicOS offer L2 Bridge and PortShield support, which provide some extent of Layer 2 bridging among LAN, WAN and other applicable zones. TZ Wireless and SOHO Wireless appliances support the WLAN Layer 2 bridge feature. However, the WLAN Layer 2 bridge feature permits clients connected to the TZ/SOHO internal wireless to share an IP subnet with only LAN and DMZ zones, and only one-to-one (interface) Layer 2 bridging is supported. With Native Bridging, you can bridge multiple virtual WLAN interfaces and virtual LAN interfaces together, and bridge between more than just WLAN and LAN/DMZ zones.
A new IP Assignment is added to support this feature, called Native Bridge Mode. An interface placed into this mode becomes a Native Bridge member interface of the native bridge pair. The resulting bridge members and host work like a multi‐port bridge with full Layer 2 transparency, and all IP traffic that passes through can be configured to be, or not to be, subjected to full Stateful and deep‐packet inspection.
We can select Native Bridge Mode on a WLAN, DMZ, or LAN zone interface or on an unassigned interface. As this mode is a pure Layer 2 bridge scheme, after NativeBridge Mode is selected, the zone value of, for example, WLAN is changed to unassigned. This WLAN interface inherits the zone settings and IP settings of the native bridge host and becomes a native bridge member.
Only WLAN, DMZ, and LAN zone interfaces and unassigned interfaces are supported for Native Bridge mode. WAN zone interfaces are not allowed to join a Native Bridge as a member, but other interfaces can be native‐bridged to a WAN interface, making the WAN interface a Native Bridge host. The Native Bridge feature works with WLAN zones on TZ/SOHO Wireless appliances and on all SonicWall platforms with a SonicWave or SonicPoint wireless access point.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The resolution below is for customers using SonicOS 7.X firmware.
- To set the IP assignment to Native Bridge mode, navigate to the Network | System | Interfaces section.
- Edit the interface and set Mode / IP Assignment to NativeBridge Mode.
- In the "Native Bridge to" field, choose the interface to which the selected interface should be bound as a Native Bridge member.
- Enable the option "Enable firewalling with other bridge members" if we want to see the traffic between the Bridged Pair members hitting the firewall.
NOTE: By default, traffic between clients connected in a Native Bridge Pair is not visible on the SonicWall, for example in a packet capture. Enabling this option will show the packets in the capture, coming from the same parent interface.
- Click OK to save the settings.
- Navigate to the Network | System | ARP section to check the ARP entries for devices connected to Native Bridge members.
NOTE: ARP entries for devices connected to a Native Bridge member interface show as connected behind the parent interface in the ARP table. For example, if a device is connected to the X2 interface (Native Bridge member), which is bridged to X0 (Native Bridge host), the ARP table will show the IP as connected behind the X0 interface.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.
- To set the IP assignment to Native Bridge mode, navigate to the Manage | System Setup | Network | Interfaces section.
- Edit the interface and set Mode / IP Assignment to NativeBridge Mode.
- In the "Native Bridge to" field, choose the interface to which the selected interface should be bound as a Native Bridge member.
- Enable the option "Enable firewalling with other bridge members" if we want to see the traffic between the Bridged Pair members hitting the firewall.
NOTE: By default, traffic between clients connected in a Native Bridge Pair is not visible on the SonicWall, for example in a packet capture. Enabling this option will show the packets in the capture, coming from the same parent interface.
- Click OK to save the settings.
- Navigate to the Network | System Setup | Network | ARP section to check the ARP entries for devices connected to Native Bridge members.
NOTE: ARP entries for devices connected to a Native Bridge member interface show as connected behind the parent interface in the ARP table. For example, if a device is connected to the X3 interface (Native Bridge member), which is bridged to W0 (Native Bridge host), the ARP table will show the IP as connected behind the W0 interface.
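The rules and notes from both procedures above (which zones may join as members, traffic between bridge members being invisible to the firewall by default, and ARP entries showing behind the host interface) can be checked against a planned layout before it is applied. This is an added example, not SonicWall code; the inventory format, field names and sample interfaces are constructed for illustration and are not a SonicOS export.

```python
# Added example: lint a planned Native Bridge layout against this article's rules.
# The inventory format and field names are hypothetical, not a SonicOS export.
MEMBER_ZONES = {"WLAN", "DMZ", "LAN", "UNASSIGNED"}  # zones allowed to join as members

# Constructed sample: "zone" is the zone each interface has before bridging.
SAMPLE = [
    {"name": "X0", "zone": "LAN"},
    {"name": "X1", "zone": "WAN"},
    {"name": "X2", "zone": "LAN", "bridge_to": "X0"},  # firewalling left at default (off)
    {"name": "W0", "zone": "WLAN", "bridge_to": "X0", "firewalling": True},
    {"name": "X3", "zone": "WAN", "bridge_to": "X0", "firewalling": True},
    {"name": "X4", "zone": "DMZ", "bridge_to": "X1", "firewalling": True},  # WAN as host is allowed
]


def audit(interfaces):
    """Return (findings, arp_scope).

    findings:  (interface, issue) pairs for members that break a rule or bypass inspection.
    arp_scope: host -> every port a device listed behind that host in the ARP table may be on.
    """
    known = {i["name"] for i in interfaces}
    findings, arp_scope = [], {}
    for iface in interfaces:
        host = iface.get("bridge_to")
        if host is None:
            continue  # not a bridge member
        if host not in known:
            findings.append((iface["name"], "bridge host not in inventory"))
            continue
        if iface["zone"].upper() not in MEMBER_ZONES:
            findings.append((iface["name"], "zone cannot be a bridge member"))
            continue
        if not iface.get("firewalling", False):
            # "Enable firewalling with other bridge members" is off
            findings.append((iface["name"], "traffic to other bridge members not visible to firewall"))
        arp_scope.setdefault(host, [host]).append(iface["name"])
    return findings, arp_scope


if __name__ == "__main__":
    issues, scope = audit(SAMPLE)
    for name, issue in issues:
        print(f"{name}: {issue}")
    for host, ports in scope.items():
        print(f"ARP entries behind {host} may belong to devices on: {', '.join(ports)}")
```

The `arp_scope` result is the list to consult during triage: an address the ARP table places behind a host interface may physically sit on any of that host's bridge members.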