A bridge connects two network segments, typically by operating transparently and deciding on a frame-by-frame basis whether or not to forward from one network to the other. The bridge interface is used to connect two network segments within one logical network or to break a collision domain.
Seqrite UTM supports the IEEE 802.1D standard for configuring a network bridge interface.
You can configure Seqrite UTM in bridge mode if you already have a firewall/router and do not wish to replace it. Seqrite UTM supports mix mode configuration, where bridge mode and router mode are configured on the device at the same time. A bridge can be configured only on unconfigured interfaces.
Bridge Mode is a mode of the Seqrite UTM appliance in which the appliance runs between your router/main firewall and the local network and redirects all incoming and outgoing traffic through its firewall application. Essentially, it lets the hardware act as a firewall that filters and sorts content for possible threats or exploits. Bridge Mode is easy to set up, and it secures your traffic by scanning all incoming and outgoing traffic automatically.
Of content scanning in both directions because the UTM appliance has its own processor and applications of its own. Therefore, neither your network server nor computer systems will have to sacrifice their own resources for the IT security equipment to work.
In Seqrite security terms, the bridge in this case is the UTM itself.
- At the Gateway - (Firewall / Router) - There are no changes to be made.
- At Seqrite UTM - (Bridge Mode) - Follow these steps:
3. Go to “Network” under “Dashboard”, select “Interface” and click on “Add”.
4. Under Type - Select “Bridge”
5. Enter Bridge ID - “1”
6. Interface A - “eth1” - Zone A - “WAN” -- Interface B - “eth2” - Zone B - “LAN”
7. IPv4 address - (UTM address in local LAN) -- IPv4 Gateway - (Gateway device IP address)
Connections to be made:
1. Connect LAN from Gateway to “eth1” of UTM in bridge mode.
2. Connect cable from “eth2” of UTM in bridge mode to LAN network.
After successfully configuring bridge mode:
After bridge mode is configured successfully, a new interface is created under “Interface”. The new interface is named “br1”.
1. There are no changes to be made to the existing LAN network - the IPv4 settings will be the same. The network will remain unaffected after adding the UTM in Bridge Mode in between. Here the Gateway is 192.168.2.1 and UTM bridge mode is set for 192.168.2.2.
LAN users will be able to ping the Gateway (192.168.2.1) but will not be able to ping the UTM in Bridge Mode (192.168.2.2), and 192.168.2.2 will not be shown in tracert. The UTM in bridge mode will be undetected in the network.
2. To access the Bridge Mode UTM admin page -
- Connect a single system to the default LAN port eth0 and give it an IP address in the 192.168.1.0/24 network. Access the admin page at 192.168.1.1:88.
- Add the LAN IP address of that system to “Network” - “Proxy” - “Bypass Proxy for Hosts” in the Bridge UTM. Access the admin page at 192.168.2.2:88.
3. “Network” - “Proxy”- “Bypass Proxy for Hosts” Gateway will not have any effect on the policy and direct access of LAN IP.
4. If there is a Seqrite Firewall present at Gateway level and Seqrite UTM at Bridge Mode, then we have to create groups and policy at Bridge Mode UTM as only these policies will affect LAN users.
5. In case there is an MPLS router at the Gateway and Seqrite UTM in Bridge Mode -
Apply the same settings as given above and, in addition, enter the MPLS router IP in the DNS settings of the Bridge UTM.
To add the MPLS IP in DNS - Go to “Dashboard” - “Network” - “DNS” - “DNS Servers” - on the right side, click on Add - Enter the MPLS router IP. This ensures connectivity and lets applications run with the UTM in bridge mode.
6. Kindly note that the following features will not work in bridge mode.
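To verify the behaviour stated in point 1 above (gateway reachable, bridge address silent to ping and absent from tracert), the following check can be run over tracert output collected on a LAN host. It is an added example, not Seqrite code; the trace samples are constructed, and the function names and the 203.0.113.10 destination are assumptions.

```python
import re

GATEWAY = "192.168.2.1"  # gateway address used in the article
BRIDGE = "192.168.2.2"   # bridge (br1) address used in the article

# Constructed tracert output from a LAN host; 203.0.113.x is a documentation range.
GOOD_TRACE = """\
Tracing route to 203.0.113.10 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.2.1
  2     *        *        *     Request timed out.
  3    12 ms    11 ms    12 ms  203.0.113.10
"""
# Constructed counter-example: the UTM shows up as a routed hop.
BAD_TRACE = """\
  1    <1 ms    <1 ms    <1 ms  192.168.2.2
  2     1 ms     1 ms     1 ms  192.168.2.1
  3    12 ms    11 ms    12 ms  203.0.113.10
"""

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_hops(trace_text):
    """Return [(hop_number, ip_or_None)] from tracert/traceroute output."""
    hops = []
    for line in trace_text.splitlines():
        m = HOP_LINE.match(line)
        if m:
            ips = IPV4.findall(m.group(2))
            hops.append((int(m.group(1)), ips[0] if ips else None))
    return hops

def check_bridge(trace_text, gateway_pings, bridge_pings):
    """Compare observations from a LAN host with the behaviour the article states."""
    problems = []
    hops = parse_hops(trace_text)
    if not hops or hops[0][1] != GATEWAY:
        problems.append("first hop is not the gateway " + GATEWAY)
    if BRIDGE in [ip for _, ip in hops]:
        problems.append("bridge address " + BRIDGE + " appears as a hop")
    if not gateway_pings:
        problems.append("gateway does not answer ping through the bridge")
    if bridge_pings:
        problems.append("bridge address answers ping from the LAN")
    return problems

if __name__ == "__main__":
    print(check_bridge(GOOD_TRACE, gateway_pings=True, bridge_pings=False))
    print(check_bridge(BAD_TRACE, gateway_pings=True, bridge_pings=True))
```

Pass the text of `tracert` (or `traceroute`) and the two ping results observed from the LAN host; an empty list means the observations match the article's description.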