Support Training: Network Interface Lab Guide

Table of Contents
1. Configuring an Interface (LAN, DMZ, etc.) in Transparent Mode................................................ 2
2. Configuring an interface in Layer 2 Bridge Mode ......................................................................... 5

@ Copyright SonicWall Page 1 of 9

 Support Training: Network Interface Lab Guide
1. Configuring an Interface (LAN, DMZ, etc.) in Transparent Mode

Transparent mode simulates the bridging of WAN-side IP addresses/subnets onto internal interfaces, such
as the LAN or DMZ interface, by means of controlling the ARP and routing behaviour for the affected
addresses. Transparent Mode allocations are extremely flexible, allowing for multiple internal interfaces in
different zones to simultaneously operate in Transparent Mode, as long as the address assignments remain
unique and non-overlapping. Transparent mode can be useful in environments where it is not possible to
change existing internal IP addressing, or where it is necessary to deploy a SonicWall in a non-interruptive,
in-line fashion.

Transparent Mode works on a SonicWall by defining a “Transparent Range” address object associated with
the WAN subnet. The “Transparent Range” defines which external (WAN side) IP addresses the SonicWall
will consider to be attached to an internal interface. The Transparent Range object can be a Host, Range, or
group of Host or Range Address Objects. Addresses within the Transparent Range will not be NAT’d on
egress from the WAN interface; instead, they will retain their original source IP addresses.

Transparent Mode enables the SonicWall security appliance to bridge the WAN subnet onto an internal
interface. To configure an interface for transparent mode, complete the following steps:

Step 1, Click on the Configure icon in the Configure column for Unassigned Interface you want to configure.
The Edit Interface window is displayed.

Step 2, Select an interface.

1. If you select a configurable interface, select LAN or DMZ for Zone.
2. If you want to create a new zone for the configurable interface, select Create a new zone. The
Add Zone window is displayed.

Step 3, Select Transparent Mode from the IP Assignment menu.

@ Copyright SonicWall Page 2 of 9

 Support Training: Network Interface Lab Guide

Step 4, From the Transparent Range menu, select an address object that contains the range of IP addresses
you want to have access through this interface. The address range must be within the WAN zone and must
not include the WAN interface IP address. If you do not have an address object configured that meets your
needs:

a. In the Transparent Range menu, select Create New Address Object.

b. In the Add Address Object window, enter a name for the address range.
1. For Zone Assignment, select DMZ.
2. For Type, select:
 Host : if you want only one network device to connect to this interface.
 Range : to specify a range of IP addresses by entering beginning and ending value of
the range.
 Network : to specify a subnet by entering the beginning value and the subnet mask.
The subnet must be within the WAN address range and cannot include the WAN
interface IP address.
c. Enter the IP address of the host, the beginning and ending address of the range, or the IP
address and subnet mask of the network.
d. Click OK to create the address object and return to the Edit Interface window.

Step 5, Enter any optional comment text in the Comment field. This text is displayed in the Comment
column of the Interface table.

Step 6, If you want to enable remote management of the SonicWall security appliance from this interface,
select the supported management protocol(s): HTTP, HTTPS, SSH, Ping, SNMP, and/or SSH. To allow access
to the WAN interface for management from another zone on the same appliance, access rules must be
created.

@ Copyright SonicWall Page 3 of 9

 Support Training: Network Interface Lab Guide
Step 7, If you want to allow selected users with limited management rights to log directly into the security
appliance through this interface, select HTTP and/or HTTPS in User Login.

Step 8, Click OK

Sometimes there might be an error message thrown by SonicWall as shown in the screenshot below,

From the error message, we can understand that the range that we have selected is not in the actual primary
WAN subnet on SonicWall. You need to make sure that the transparent range chosen in the "Transparent
Range" field is in primary WAN subnet of SonicWall & follow steps 4 to 8 again. The configuration will be
successful.

If you need to force an Ethernet speed, duplex and/or MAC address, click the Advanced tab. The Ethernet
Settings section allows you to manage the Ethernet settings of links connected to the SonicWall. Auto
Negotiate is selected by default as the Link Speed because the Ethernet links automatically negotiate the
speed and duplex mode of the Ethernet connection. If you want to specify the forced Ethernet speed and
duplex, select one of the following options from the Link Speed menu:

•1000 Mbps - Full Duplex

•100 Mbps - Full Duplex
•100 Mbps - Half Duplex
•10 Mbps - Full Duplex
•10 Mbps - Half Duplex

@ Copyright SonicWall Page 4 of 9

 Support Training: Network Interface Lab Guide
You can choose to override the Default MAC Address for the Interface by selecting Override Default MAC
Address and entering the MAC address in the field. Check Enable Multicast Support to allow multicast
reception on this interface.

Caution: If you select a specific Ethernet speed and duplex, you must force the connection speed and duplex
from the Ethernet card to the SonicWall security appliance as well.

Step 9, Configuring the hosts connected to the Transparent interface

The hosts connected to the X2 interface should be configured with the IP addresses within the Transparent
Range. The default gateway could either be the upstream ISP router address or the SonicWall WAN
interface IP. Once the hosts are configured appropriately they will be able to go online with the IP address
assigned to them without being NAT'ed. Conversely, the hosts can be reached from the WAN side of the
SonicWall with the IP address assigned to them provided a WAN > DMZ Allow rule exists.

2. Configuring an interface in Layer 2 Bridge Mode

L2 Bridge Mode is ostensibly similar to SonicOS Enhanced’s Transparent Mode in that it enables a SonicWall
security appliance to share a common subnet across two interfaces, and to perform stateful and deep-
packet inspection on all traversing IP traffic, but it is functionally more versatile.

In particular, L2 Bridge Mode employs a secure learning bridge architecture, enabling it to pass and inspect
traffic types that cannot be handled by many other methods of transparent security appliance integration.
Using L2 Bridge Mode, a SonicWall security appliance can be non-disruptively added to any Ethernet
network to provide in-line deep-packet inspection for all traversing IPv4 TCP and UDP traffic. In this
scenario the SonicWall UTM appliance is not used for security enforcement, but instead for bidirectional
scanning, blocking viruses and spyware, and stopping intrusion attempts.

@ Copyright SonicWall Page 5 of 9

 Support Training: Network Interface Lab Guide
Unlike other transparent solutions, L2 Bridge Mode can pass all traffic types, including IEEE 802.1Q VLANs
(on SonicWall NSA appliances), Spanning Tree Protocol, multicast, broadcast, and IPv6, ensuring that all
network communications will continue uninterrupted.

Step 1, Configuring the Primary Bridge Interface

Choose an interface to act as the Primary Bridge Interface. In this example, we will use X1 (automatically
assigned to the Primary WAN): Network > Interfaces

1. Select the Network tab, Interfaces folder from the navigation panel.
2. Click the Configure icon in the right column of the X1 (WAN) interface.
3. Configure the interface with a Static IP address (e.g. 192.168.160.50).

4. You may optionally enable the Block all non-IPv4 traffic setting to prevent the L2 bridge from
passing non-IPv4 traffic. VLAN Filtering (on SonicWall NSA series appliances)
5. You may also optionally navigate to the VLAN Filtering tab to control VLAN traffic through the L2
bridge. By default, all VLANs are allowed:

a. Select Block listed VLANs (blacklist) from the drop-down list and add the VLANs you
wish to block from the left pane to the right pane. All VLANs added to the right pane will
be blocked, and all VLANs remaining in the left pane will be allowed.

@ Copyright SonicWall Page 6 of 9

 Support Training: Network Interface Lab Guide
b. Select Allow listed VLANs (whitelist) from the drop-down list and add the VLANs you
wish to explicitly allow from the left pane to the right pane. All VLANs added to the right
pane will be allowed, and all VLANs remaining in the left pane will be blocked.

6. Click OK.

Step 2, Configuring the Secondary Bridge Interface

Choose an interface to act as the Secondary Bridge Interface. In this example, we will use X0 (automatically
assigned to the LAN): Network > Interfaces

1. On the Network > Interfaces page, click the Configure icon in the right column of the X0 (LAN)
interface.
2. In the IP Assignment drop-down list, select Layer 2 Bridged Mode.
3. In the Bridged to drop-down list, select the X1 interface.
4. Configure management (HTTP, HTTPS, Ping, SNMP, SSH, User Logins, HTTP Redirects).

5. Click OK.

@ Copyright SonicWall Page 7 of 9

 Support Training: Network Interface Lab Guide

The Network > Interfaces page displays the updated configuration: You may now apply security services to
the appropriate zones, as desired. In this example, they should be applied to the LAN, WAN, or both zones.

This product is protected by U.S. and international copyright and intellectual property laws.
SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the
U.S.A. and/or other countries. All other trademarks and registered trademarks are property of
their respective owners.
The information in this document is provided in connection with SonicWall Inc. and/or its
affiliates’ products. No license, express or implied, by estoppel or otherwise, to any intellectual
property right is granted by this document or in connection with the sale of SonicWall products.
EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE
AGREEMENT FOR THIS PRODUCT, SONICWALL AND/OR ITS AFFILIATES ASSUME NO LIABILITY
WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING
TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO
EVENT SHALL SONICWALL AND/OR ITS AFFILIATES BE LIABLE FOR ANY DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT
LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF
INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF
SONICWALL AND/OR ITS AFFILIATES HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES. SonicWall and/or its affiliates make no representations or warranties with respect
to the accuracy or completeness of the contents of this document and reserve the right to
make changes to specifications and product descriptions at any time without notice. SonicWall

@ Copyright SonicWall Page 8 of 9

 Support Training: Network Interface Lab Guide
Inc. and/or its affiliates do not make any commitment to update the information contained in
this document.
For more information, visit https://www.sonicwall.com/legal/.

________________________________________
Last updated: 1/11/2018

@ Copyright SonicWall Page 9 of 9