Stormshield SN series Configuration Manual page 196

Request domain name
servers from the DHCP
server and create host
objects
Routing without analyzing
This option will be indicated as "disabled" if the option Address range inherited from the
bridge was not selected in the Configuration of the interface tab and the options will be
grayed out.
Authorize without
analyzing
Routing by interface
This option will be indicated as "disabled" if the option Address range inherited from the
bridge was not selected in the Configuration of the interface tab and the options will be
grayed out.
Preserve VLAN 802.1p
priority
Keep initial routing
Gateway address
Page 196/448
If this option is selected, the firewall will retrieve DNS servers from the DHCP server it
contacts (access provider, for example) to obtain its IP address.
Two objects will be dynamically created in the object database upon the selection of
this option: Firewall_<interface name>_dns1 and Firewall_<interface name_dns2. They
can then be used in the configuration of the DHCP service. So, if the Firewall provides
the users on its network with a DHCP service, the users will also benefit from the DNS
servers given by the access provider.
NOTE
This option will be disabled if the option Dynamic IP (obtained by DHCP) was
not selected in the Configuration of the interface tab
NOTE
Allows letting IPX (Novell network), Netbios (on NETBEUI), AppleTalk (for Macintosh),
PPPoE or Ipv6 packets pass between the bridge's interfaces. No high-level analysis or
filtering will be applied to these protocols (the firewall will block or pass).
NOTE
This option forces the firewall to keep 802.1p (Quality of Service) priority for packets
coming from the VLAN and passing through the firewall to an IPSec tunnel or another
interface on the firewall, for example.
This option will ask the firewall to not modify the destination in the Ethernet layer
when a packet goes through it. The packet will be resent to the same MAC address
from which it was received. The purpose of this option is to facilitate the integration of
firewalls transparently into an existing network, as this makes it possible to avoid the
need for modifying the default route of machines on the internal network.
Known limitations
Features on a firewall that inserts or modifies packets in sessions may fail to
function correctly. These cases are:
The reinitialization of connections induced by an alarm,
l
The SYN proxy (enabled in filtering),
l
Requests to resend packets dropped in order to speed up a scan,
l
Rewriting of packets by application scans (SMTP, HTTP and web 2.0, FTP and
l
NAT, SIP and NAT).
This field is used for routing by interface. All packets that arrive on this interface will
be routed via a gateway.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
INTERFACES