Bridge mode is a feature that allows you to install your Firebox or XTM device between an existing network and its gateway to filter or manage network traffic. When you enable this feature, your Firebox or XTM device processes and forwards all network traffic to other gateway devices. When the traffic arrives at a gateway from the Firebox or XTM device, it appears to have been sent from the original device.
To use bridge mode, you must specify an IP address that is used to manage your Firebox or XTM device. The device also uses this IP address to get Gateway AV/IPS updates and to route to internal DNS, NTP, or WebBlocker servers as necessary. Because of this, make sure you assign an IP address that is routable on the Internet.
In bridge mode, Layer 2 and Layer 3 headers are not changed. If you want traffic on the same physical interface of a Firebox or XTM device to pass through the device, you cannot use bridge mode. In this case, you must use drop-in or mixed routing mode, and set the default gateway of those computers to be the Firebox or XTM device itself.
When you use bridge mode, your Firebox or XTM device cannot complete some functions that require the device to operate as a gateway. These functions include:
If you have previously configured these features or services, they are disabled when you switch to bridge mode. To use these features or services again, you must use a different network mode. If you return to drop-in or mixed routing mode, you might have to configure some features again.
When you enable bridge mode, any interfaces with a previously configured network bridge or VLAN are disabled. To use those interfaces, you must first change to either drop-in or mixed routing mode, configure the interface as External, Optional, or Trusted, and then return to bridge mode. Wireless features on Firebox or XTM wireless devices operate correctly in bridge mode.
To enable bridge mode: