Xg in Bridge mode

Daniel,

can you explain better what you are trying to achieve? A diagram will be better.

Thanks

I want to run the xg in transparant mode, so this sits between server and desktop subnets and there respective routers, which in this case is a 2012 server. I want to be able to control the flowing between, server and desktop networks using the xg firewall polices. B7t I don't want to make any changes to to current topology

Thanks

Bridges works at layer 2, so you cannot bridge multiple interfaces belonging to different subnets.

So if you have 2 subnets (192.168.0.0/24 for computers and 192.168.1.0/24 for server) where both networks are attached and routing is managed by routers, you need 4 ports, 2 for the computer zone bridge and 2 for the server zone bridge.

In this way, you can filter traffic flowing inside the bridges.

So when creating bridges  interfaces on the xg, you say need 4 ports 2 for each subnet. When creating the bridges interfaces, are both interface that are being assign, need to be in the same zone, or do you need one interface from each zone being added to each bridge interface? Could you explain why two interface are  needed for bridging

Thanks

Daniel,

attach a small draw of what network topology is and I will explain better on that. With the picture is easier!

[:D]

quick diagram of network layput

Daniel,

I advise you to create 2 additional zones: servers and computers, then add the nic where servers are attached to zone servers and move the nic where server's router nic is connected to the same zone.do the same for the computer nic and zone.

Create the 2 bridges: 1 containing servers zone and nics added before and another bridge for computers zone.

Make sure on both bridges to configure as default gateway the right router default IP address.

Create the needed Firewall policy from servers to servers zone and computer to computer zones to.

Create proper firewall rules to allow required traffic from computers to server zone and apply all the filters you like.

Hi,

Thanks for your input about this. I have created, two separate zones, one for serves and one for the desktops. Then also added two more vnics as my XG is a VM. So the setup was

Port B WAN

Bri0 - bridge interface for servers

Port A and D

ip 192.168.15.20

Bri1 - bridge interface for desktops

Port C and E

IP 192.168.16.20

I then also created 2 firewall rules, allow any server and ports from the zone LAN to LAN (which is the server zone) and rule again allow all services from Desktop to Desktop (which is the desktop zone). I have left the GW for the servers network as 192.168.15.2 and for the desktops its 192.168.16.2. Having made the changes all that happen the CPU on the VM XG hit 100%, and locked up. To resolve the issue i had to power down the XG and remove the 2 newly addedd VM nics ports D and E.

No idea what i have done wrong :)

Thanks

Dan

Dan,

do you have an update on this?

Thanks

Hello Dan

By any chance did you enable promiscuous mode on any of the VM Interfaces? The Firewall VM is known to misbehave when promiscuous mode is enabled on the bridge interfaces.

Please go to the advanced console and run psmon or on the console run "system diagnostics utilities proc" and let me know which process is consuming 100% CPU.

Please share the results so that I may help you further.

Regards,