Converting An Interface To Link Aggregation (Lacp) - Stormshield SN series Configuration Manual

grayed out.
Authorize without
analyzing
Routing by interface
This option will be indicated as "disabled" if the option Address range inherited from the
bridge was not selected in the Configuration of the interface tab and the options will be
grayed out.
Keep initial routing
Keep VLAN IDs
Gateway address
Interface's throughput (for information only)
Backup appliance

Converting an interface to link aggregation (LACP)

This feature is only available on SN510, SN710, SN910, SN2000, SN3000, SN6000, NG1000 and
NG5000 models.
The LACP (IEEE 802.3ad - Link Aggregation Control Protocol) feature allows improving the
appliance's bandwidth while maintaining a high level of availability (link redundancy). Several
physical ports on an appliance can be grouped together to be considered a single logical
interface. Therefore, by aggregating x links, it will be possible to set up a link of x times 1 Gbps or
10 Gbps between two appliances.
Page 205/448
Allows letting IPX (Novell network), Netbios (on NETBEUI), AppleTalk (for Macintosh),
PPPoE or Ipv6 packets pass between the bridge's interfaces. No high-level analysis or
filtering will be applied to these protocols (the firewall will block or pass).
NOTE
This option will ask the firewall to not modify the destination in the Ethernet layer
when a packet goes through it. The packet will be resent to the same MAC address
from which it was received. The purpose of this option is to facilitate the integration of
firewalls transparently into an existing network, as this makes it possible to avoid the
need for modifying the default route of machines on the internal network.
Known limitations
Features on a firewall that inserts or modifies packets in sessions may fail to
function correctly. These cases are:
The reinitialization of connections induced by an alarm,
l
The SYN proxy (enabled in filtering),
l
Requests to resend packets dropped in order to speed up a scan,
l
Rewriting of packets by application scans (SMTP, HTTP and web 2.0, FTP and
l
NAT, SIP and NAT).
This option enables the transmission of tagged frames without the firewall having to
be the VLAN endpoint. The VLAN tag on these frames is kept so that the Firewall can
be placed in the path of a VLAN without the firewall interrupting this VLAN. The Firewall
runs seamlessly for this VLAN.
This option requires the activation of the previous option "Keep initial routing".
This field is used for routing by interface. All packets that arrive on this interface will
be routed via a specified gateway.
Defines the debit on an interface. This is an automatic entry that is not compulsory: it
is used for monitoring in the calculation of bandwidth.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
INTERFACES