The Barracuda NextGen Firewall X-Series supports layer 2 bridging of one or more network interfaces to create an aggregated network or to physically separate LAN segments in a flat network structure. Configure Layer 2 bridging to transparently connect two networks.
- You can bridge a wireless network with one of your local networks.
- If you have servers with external IP addresses, you can bridge that traffic with the ISP gateway.
After configuring your bridge, create an access rule to allow traffic between both networks. To help you configure the bridge, you can use the pre-installed bridge between ports p1 and p3 and the predefined firewall rule for the bridge.
Step 1. Configure the bridge
Before you begin, verify that least one interface has a static route configured.
To configure the bridge:
- Go to the NETWORK > Bridging page.
- Click Add Bridged Group.
- Enter a name for the bridge and add the interfaces to be bridged.
- Click Save.
Step 2. Create an access rule for the bridge
Create an access rule to allow traffic between the bridged networks. For example, if you are bridging servers with external IP addresses with the ISP gateway, create a rule that only allows traffic on port 443 and port 80 to pass.
- Go to FIREWALL > Firewall Rules page.
- Click ADD ACCESS RULE to create a new rule.
- Specify the settings according to your requirements (see below example: Port p1-Port p3 Bridge).
- Click Save.
Verify the order of the access rules. Because rules are processed from top to bottom in the rule set, ensure that you arrange your rules in the correct order. You must especially ensure that your rules are placed above the BLOCKALL rule; otherwise, the rules are blocked. After adjusting the order of rules in the rule set (use 'drag and drop'), click Save Changes.
Port p1-Port p3 bridge
To aid you in evaluation and initial setup, the X-Series Firewall has a pre-installed bridge between ports p1 and p3. You can see the bridge on the NETWORK > Bridging page. The firewall rule that allows all traffic to pass between ports P1 and P3 is called P1-P3-BRIDGE. That rule has the following settings:
|Allow||Port-p1||Port-p3||Any||Yes||Matching (matches all interfaces)||No SNAT (original source IP address is used)|