The firewall supports Layer 2 bridging of one or more network interfaces in order to create an aggregated network or to physically separate LAN segments in a flat network structure. Configure Layer 2 bridging to transparently connect two networks.
- You can bridge a wireless network with one of your local networks.
- If you have servers with external IP addresses, you can bridge that traffic with the ISP gateway.
After configuring your bridge, create an access rule to allow traffic between both networks. To help you configure the bridge, you can use the pre-installed bridge between ports p1 and p3 and the predefined firewall rule for the bridge.
Step 1. Configure the Bridge
Before you begin, verify that at least one interface has a static route configured.
- Go to NETWORK > Bridging.
- Click Add Bridged Group.
- Enter a name for the bridge and add the interfaces to be bridged.
- Click Save.
Step 2. Create an Access Rule for the Bridge
Create an access rule to allow traffic between the bridged networks. For example, if you are bridging servers with external IP addresses with the ISP gateway, create a rule that allows traffic only on port 443 and port 80 to pass.
- Go to FIREWALL > Firewall Rules.
- Click ADD ACCESS RULE to create a new rule.
- Specify the settings according to your requirements (see the example below: Port p1-Port p3 Bridge).
- Click Save.
Verify the order of the access rules. Rules are processed from top to bottom in the ruleset, so arrange them in the correct order. Place your rules above the BLOCKALL rule; otherwise, matching traffic is blocked before your rules are evaluated. After reordering the rules via drag-and-drop, click Save Changes.
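The ordering requirement above, modeled as an added example (not the firewall's own code or configuration format): a first-match evaluator plus a check for rules placed below BLOCKALL. The rule name BRIDGE-WEB and the network objects ISP-Gateway and Servers are hypothetical, and the default block when nothing matches is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str        # "allow" or "block"
    src: str           # network object name, or "Any"
    dst: str
    ports: frozenset   # empty set means any service/port

    def matches(self, src, dst, port):
        return (self.src in ("Any", src)
                and self.dst in ("Any", dst)
                and (not self.ports or port in self.ports))


def evaluate(ruleset, src, dst, port):
    """First match wins, top to bottom. Returns (action, rule name)."""
    for rule in ruleset:
        if rule.matches(src, dst, port):
            return rule.action, rule.name
    return "block", None   # assumption: nothing matched, so traffic is dropped


def shadowed_rules(ruleset):
    """Names of rules sitting below a block-everything rule; they can never match."""
    for i, r in enumerate(ruleset):
        if r.action == "block" and r.src == r.dst == "Any" and not r.ports:
            return [later.name for later in ruleset[i + 1:]]
    return []


# Constructed ruleset: servers with external IPs bridged to the ISP gateway,
# with only ports 80 and 443 allowed (hypothetical object and rule names).
WEB = Rule("BRIDGE-WEB", "allow", "ISP-Gateway", "Servers", frozenset({80, 443}))
BLOCKALL = Rule("BLOCKALL", "block", "Any", "Any", frozenset())

GOOD = [WEB, BLOCKALL]   # bridge rule above BLOCKALL
BAD = [BLOCKALL, WEB]    # bridge rule below BLOCKALL: never reached

if __name__ == "__main__":
    for label, ruleset in (("good", GOOD), ("bad", BAD)):
        verdict = evaluate(ruleset, "ISP-Gateway", "Servers", 443)
        print(label, verdict, "shadowed:", shadowed_rules(ruleset))
```

Running the check against an exported or hand-transcribed ruleset before clicking Save Changes shows which rules BLOCKALL makes unreachable.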
Port p1-Port p3 Bridge
To assist in evaluation and initial setup, the firewall has a pre-installed bridge between ports p1 and p3. You can see the bridge on the NETWORK > Bridging page. The firewall rule that allows all traffic to pass between ports p1 and p3 is called P1-P3-BRIDGE. That rule has the following settings:
| Allow | Port-p1 | Port-p3 | Any | Yes | Matching (matches all interfaces) | Original Source IP (the original source IP address is used) |