Layer 2 Bridge Mode

August 2010

SonicWALL Layer 2 Bridge Mode and Transparent Mode


SonicOS Enhanced firmware versions 4.0 and higher include Layer 2 Bridge Mode, a method of unobtrusively integrating a SonicWALL security appliance into any Ethernet network by sharing a common subnet across two interfaces. This lets the appliance perform stateful and deep-packet inspection on all IP traffic crossing the bridge, and it is more versatile than earlier transparent modes. Layer 2 Bridge Mode uses a secure learning bridge architecture, so it can pass and inspect traffic types that many other methods of transparent security appliance integration cannot handle.


Using L2 Bridge Mode, a SonicWALL security appliance can be added to any Ethernet network without disruption to provide in-line deep-packet inspection: it bi-directionally scans all traversing TCP and UDP traffic to block threats such as viruses and spyware and to stop intrusion attempts. Unlike other transparent solutions, L2 Bridge Mode can pass all traffic types, including IEEE 802.1Q VLANs (on SonicWALL NSA appliances), Spanning Tree Protocol, multicast, broadcast and IPv6, so all network communications continue uninterrupted.

Key Features of SonicOS Enhanced L2 Bridge Mode:


L2 Bridging with Deep Packet Inspection: This method of transparent operation means that a SonicWALL security appliance can be added to any network without the need for readdressing or reconfiguration, enabling the addition of deep-packet inspection security services with no disruption to existing network designs. Developed with connectivity in mind as much as security, L2 Bridge Mode can pass all Ethernet frame types, ensuring seamless integration.


Secure Learning Bridge Architecture: True L2 behavior means that all allowed traffic flows natively through the L2 Bridge, whereas other methods of transparent operation rely on ARP and route manipulation to achieve transparency, which frequently proves problematic. L2 Bridge Mode dynamically learns the topology of the network to determine optimal traffic paths.


Mixed-Mode (aka Non-Captive Mode) operation: L2 Bridge Mode can concurrently provide L2 Bridging and conventional security appliance services, such as routing, NAT, VPN, and wireless operations. This means it can be used as an L2 Bridge for one segment of the network, while providing a complete set of security services to the remainder of the network. This also allows for the introduction of the SonicWALL security appliance as a pure L2 bridge with a smooth migration path to full security services operation.


Universal Ethernet Frame-Type Support: All Ethernet traffic can be passed across an L2 Bridge, meaning that all network communications will continue uninterrupted. While many other methods of transparent operation will only support IPv4 traffic, L2 Bridge Mode will inspect all IPv4 traffic, and will pass (or block, if desired) all other traffic, including LLC, all Ethertypes, and even proprietary frame formats.


Mixed-Mode Deployments: Refers to deployments where the Bridge-Pair is not the only point of ingress/egress through the SonicWALL (see the sample deployment diagram below). This means that traffic entering one side of the Bridge-Pair may be destined to be routed/NATed through a different interface. This is common when the SonicWALL is simultaneously used to provide security to one or more Bridge-Pairs while also providing:

A. Perimeter security, such as WAN connectivity, to hosts on the Bridge-Pair or on other interfaces.
B. Firewall and security services to additional segments, such as Trusted (LAN) or Public (DMZ) interfaces, where communications occur between hosts on those segments and hosts on the Bridge-Pair.
C. Wireless services with SonicPoints, where communications occur between wireless clients and hosts on the Bridge-Pair.
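The learning-bridge behaviour and the frame-type policy described above (learn source addresses, inspect IPv4, pass or block everything else natively) can be modelled in a few lines. The following is an added, constructed toy model written for this page, not SonicOS code; the port names X0/X1, the inspection callback and the pass_non_ipv4 flag are assumptions for illustration.

```python
"""Toy two-port learning bridge with an IPv4 inspection hook (constructed model)."""
from dataclasses import dataclass

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_VLAN = 0x8100  # IEEE 802.1Q tagged frame
ETHERTYPE_IPV6 = 0x86DD


def is_multicast(mac: str) -> bool:
    """Group bit (lowest bit of the first octet) marks multicast/broadcast MACs."""
    return bool(int(mac.split(":")[0], 16) & 1)


@dataclass
class Frame:
    src: str
    dst: str
    ethertype: int
    payload: bytes = b""


class LearningBridge:
    """Two interfaces form the Bridge-Pair; frames are learned, inspected, forwarded."""

    def __init__(self, ports=("X0", "X1"), pass_non_ipv4=True, inspect=None):
        self.ports = tuple(ports)                       # assumed port names
        self.pass_non_ipv4 = pass_non_ipv4              # "pass (or block, if desired)"
        self.inspect = inspect or (lambda frame: True)  # returns True to allow
        self.mac_table = {}                             # source MAC -> port it lives behind

    def receive(self, in_port: str, frame: Frame) -> list:
        """Return the ports the frame leaves on; an empty list means it was dropped."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: note which side of the bridge this source address is on.
        self.mac_table[frame.src] = in_port
        # Policy: IPv4 goes through the inspection hook; other EtherTypes are
        # passed natively or blocked wholesale, never parsed.
        if frame.ethertype == ETHERTYPE_IPV4:
            if not self.inspect(frame):
                return []
        elif not self.pass_non_ipv4:
            return []
        # Forwarding: known unicast leaves on its learned port, anything else floods.
        out = self.mac_table.get(frame.dst)
        if is_multicast(frame.dst) or out is None:
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []  # both hosts on the same segment: nothing to bridge
        return [out]
```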


Copyright © 2012 NetThreat Ltd.