Interfaces; Operating Mode Between Interfaces; Advanced Mode; Bridge Mode Or Transparent Mode - Stormshield SN series Configuration Manual

INTERFACES

The Interfaces module allows you to manage, add and delete network elements called network
interfaces that represent physical or virtual communication devices between the various
networks that pass through the appliance.
Bridges comprise 3 tabs, interfaces consist of 2 tabs (Ethernet and VLANs) and modems take up
only 1 tab.
To find out which characters are allowed or prohibited in various fields, please refer to
A: Allowed names.

Operating mode between interfaces

How interfaces on the firewall interact can be configured according to three different modes:
Advanced mode (Router)
l
Bridge mode (or transparent mode)
l
Hybrid mode
l

Advanced mode

In advanced mode: each interface has a different IP address and the network that has been
assigned to it is in the same address class. This enables the configuration of translation rules for
accessing other zones in the firewall.
With this configuration mode, the Firewall operates like a router between its different interfaces.
This involves certain IP address changes on the routers or servers when you move them to a
different network (behind a different interface of the Firewall).
The advantages of this mode are:
possibility of address translation from one address class to another.
l
only traffic passing from one interface to another passes through the firewall (internal network
l
to the internet, for example). This considerably lightens the firewall's load and returns better
response times.
better distinction between the different elements belonging to each zone (internal, external
l
and DMZ). The distinction is made by the different IP addresses for each zone. This enables a
clearer view of the separations and the configuration to be applied on these elements.

Bridge mode or transparent mode

In transparent (bridge) mode: interfaces are part of the address range declared on the bridge.
The transparent or "bridge" mode, allows keeping the same address range between interfaces.
It simulates a filtering bridge: in other words, all the network traffic crosses it.
However, you can subsequently filter traffic across by using interface objects or address ranges
according to your needs and therefore protect any part of your network.
There are many advantages to this mode:
ease of integration of the product since there is no change in the configuration of client
l
workstations (default router, static routes, etc.) and no change in IP address on your network.
Page 180/448
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
INTERFACES
Appendix