About LAN Bridges
A local area network bridge logically combines multiple interfaces to work as a single network, with a single interface name and IP address. You configure the interface IP address and other interface settings in the bridge configuration, and then configure interfaces as members of the bridge. A bridge must include at least one interface and can include any combination of physical, wireless, and link aggregation interfaces.
A bridge operates in the same way as any other network interface. It is technically an untagged VLAN network that you assign to multiple interfaces. The bridge operates as a Layer 2 switch, which means the Firebox forwards traffic between bridge interfaces but does not apply policies to that traffic by default. In Fireware v12.7 or higher, you can choose to apply firewall policies to traffic that passes between bridge member interfaces, which is known as intra-bridge traffic.
You can configure a bridge in the trusted, optional, or custom security zone. The configuration settings for a bridge are similar to the settings for any other trusted, optional, or custom network interface. For example, you can configure DHCP to give IP addresses to clients on a bridge, or use the bridge name as an alias in firewall policies.
For information about how to configure interfaces as a bridge, see Create a Network Bridge Configuration.
If you want all of the Firebox interfaces to be on the same network, we recommend that you use bridge mode for your network configuration.
Spanning Tree Protocol
For instructions to enable Spanning Tree Protocol on a LAN bridge, see Create a Network Bridge Configuration.
For detailed technical information about Spanning Tree Protocol, see About Spanning Tree Protocol.