Network Setup
91
A guide to bridging across an IPSec tunnel using GRE is provided in the section entitled
GRE over IPSec in the Virtual Private Networking chapter.
VLANs
Note
VLANs are not supported by the SG300.
VLAN stands for virtual local area network. It is a method of creating multiple virtual
network interfaces using a single physical network interface.
Packets in a VLAN are simply Ethernet packets that have an extra 4 bytes immediately
after the Ethernet header. The format for these bytes is defined by the standard IEEE
802.1Q. Essentially, they provide for a VLAN ID and a priority. The VLAN ID is used to
distinguish each VLAN. A packet containing a VLAN header is called a tagged packet.
When a packet is routed out the VLAN interface, the VLAN header is inserted and then
the packet is sent out on the underlying physical interface. When a packet is received on
the physical interface, it is checked for a VLAN header. If present, the router makes it
appear as though the packet arrived on the corresponding VLAN interface.
Once added, VLAN interfaces can be configured through the Network Setup ->
Connections table as if they were additional physical network interfaces.
Note
Since the addition and removal of the VLAN header are performed in software, any
network device can support VLANs. Further, this means that VLANs should not be used
for security unless you trust all the devices on the network segment.
A typical use of VLANs with the CyberGuard SG appliance is to it to enforce access
policies between ports on an external switch that supports port-based VLANs.
In this scenario, only the switch and other trusted devices should be directly connected to
the LAN port of the CyberGuard SG appliance. The CyberGuard SG appliance and the
switch are configured with a VLAN for each port or group of ports on the switch. The
switch is configured to map packets between its ports and the VLANs. The CyberGuard
SG appliance can then be configured with firewall rules for the VLANs, and these rules
are effectively applied to the corresponding ports on the switch.
To Next Page
Loading...
Need help?
General
