VLAN Translation Overview in SonicOS 6.2.5

03/26/2020 49 14920

DESCRIPTION:

VLAN Translation is introduced to SonicOS from version 6.2.5, which is supported on all wire mode capable appliances. This feature allows for traffic coming on a VLAN to a Wire Mode interface operating in Secure Mode to be mapped to a different VLAN on the outgoing paired interface, so that you can re-route some of the traffic coming into the firewall onto different VLANs to perform further analysis, processing or just traffic remapping.

RESOLUTION:

1.  VLAN Translation feature supports creating two modes (Bi-directional and Uni-directional map) mapping policies.

2. You can create a VLAN Translation mapping policy before you create a Wire Mode pair interfaces of after.

3. The VLAN Translation policy created for a pair of interfaces is persistent over reload and is stored as part of the configuration.

4. If the interfaces are moved out of Wire Mode while they have mapping policies associated with, those mapping policies will not get deleted but become inactive.

5. You can create mapping policies for an interface with multiple interfaces at the same time, but only mapping for the current active Wire Mode pair will be in active status. If the paired interface is changed and the new pair has pre-created mapping policy will go into effect immediately once the pair changed.

In the above picture, you can see a mapping policy exist for X2 to X4 as well as X2 to X3, but since only X2 and X4 are currently forming a Wire Mode pair, the first policy is active. If change the paired interface from X4 to X3 for the interface X2, the first policy will become inactive and the second policy will become active immediately.