Bridge – Routing without analysis
NOTE
This option will be indicated as “disabled” if the option Address range inherited from the
bridge was not selected in the Configuration of the interface tab and the options will be
grayed out.
Authorize without
analyzing
Allows letting IPX (Novell network), Netbios (on NETBEUI), AppleTalk (for Macintosh),
PPPoE or Ipv6 packets pass between the bridge’s interfaces. No high-level analysis or
filtering will be applied to these protocols (the firewall will block or pass).
Bridge– Routing by interface
NOTE
This option will be indicated as “disabled” if the option Address range inherited from the
bridge was not selected in the Configuration of the interface tab and the options will be
grayed out.
Keep initial routing This option will ask the firewall to not modify the destination in the Ethernet layer
when a packet goes through it. The packet will be resent to the same MAC address
from which it was received. The purpose of this option is to facilitate the integration of
firewalls transparently into an existing network, as this makes it possible to avoid the
need for modifying the default route of machines on the internal network.
Known limitations
Features on a firewall that inserts or modifies packets in sessions may fail to
function correctly. These cases are:
l The reinitialization of connections induced by an alarm,
l The SYN proxy (enabled in filtering),
l Requests to resend packets dropped in order to speed up a scan,
l Rewriting of packets by application scans (SMTP, HTTP and web 2.0, FTP and
NAT, SIP and NAT).
Keep VLAN IDs This option enables the transmission of tagged frames without the firewall having to
be the VLAN endpoint. The VLAN tag on these frames is kept so that the Firewall can
be placed in the path of a VLAN without the firewall interrupting this VLAN. The Firewall
runs seamlessly for this VLAN.
This option requires the activation of the previous option "Keep initial routing".
Gateway address This field is used for routing by interface. All packets that arrive on this interface will
be routed via a specified gateway.
Media
Media Connection speed of the network. By default the firewall detects this automatically
but you can enforce the use of a particular mode. The different speeds available are:
"Automatic detection", "10 Mb Half duplex", "10 Mb Full duplex", "100 Mb Half duplex",
"100 Mb Full duplex", "1 Gb Half duplex", "1 Gb Full duplex".
Warning
If the firewall is directly connected to an ADSL modem, you are advised to
enforce the medium that you wish to use on the interface concerned.
Page 190/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
INTERFACES
To Next Page
Loading...
