SonicWall Firewall Native Bridge Support

03/26/2020 101 People found this article helpful 198,524 Views

Download

Print

Share

• LinkedIn
• Twitter
• Facebook
• Email
• Copy URL The link has been copied to clipboard

Description

SonicOS 6.5 introduces Native Bridge Mode to support multiple bridges between the WLAN and other zones, and allows the WAN zone to be a native bridge host for bridging traffic to other zones. In Layer 2 bridging, if two hosts belong to the same subnet, a Layer 2 network device such as a SonicWall firewall can connect these two hosts. The network device bridges the packets from one host to another. This type of packet bridging works, for example, if the wireless interface and LAN ethernet interface are assigned to the same subnet.

Previous versions of SonicOS provide L2 Bridge and Portshield support to provide some extent of Layer 2 bridging among LAN, WAN and other applicable zones. TZ Wireless and SOHO Wireless appliances support the WLAN Layer2 bridge feature. However, the WLAN Layer 2 bridge feature permits clients connected to the TZ/SOHO internal wireless to share an IP subnet with only LAN and DMZ zones, and only one‐to‐one Layer2 bridging is supported. With Native Bridging, you can bridge multiple virtual WLAN interfaces and virtual LAN interfaces together, and bridge between more than just WLAN and LAN/DMZ zones

Only WLAN, DMZ, and LAN zone interfaces and unassigned interfaces are supported for Native Bridge mode. WAN zone interfaces are not allowed to join a Native Bridge as a member, but other interfaces can be native‐bridged to a WAN interface, making the WAN interface a Native Bridge host. The Native Bridge feature works with WLAN zones on TZ/SOHO Wireless appliances and on all SonicWall platforms with a SonicWave or SonicPoint wireless access point.

Resolution

A new IP Assignment is added to support this feature, called Native Bridge Mode. An interface placed into this mode becomes a Native Bridge member interface of the native bridge. The resulting bridge members and host work like a multi‐port bridge with full Layer 2 transparency, and all IP traffic that passes through can be configured to be, or not to be, subjected to full stateful and deep‐packet inspection. You can select Native Bridge Mode on a WLAN, DMZ, or LAN zone interface or on an unassigned interface. As this mode is a pure Layer 2 bridge scheme, after NativeBridge Mode is selected, the zone value of, for example, WLAN is changed to unassigned. This WLAN interface inherits the zone settings and IP settings of the native bridge host and becomes a native bridge member. You can configure IP Assignment to NativeBridge Mode when editing an interface in the Manage | Network | Interfaces

Network | Interfaces

Network | ARP

(Note: Under the Interface Configuration, Only if we tick the checkmark "Enable Firewalling with other Bridge Members", we will be able to see the traffic between the Bridged Pair hitting the firewall but from the Same Parent Interface)

Sample Packet Capture for ICMP (from behind X3 to behind W0): 

Related Articles

• Bandwidth usage and tracking in SonicWall
• How to force an update of the Security Services Signatures from the Firewall GUI
• Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

Categories

• Firewalls > TZ Series > Firmware
• Firewalls > SonicWall NSA Series > Networking
• Firewalls > TZ Series > Networking