Apply Polices to Intra-Bridge Traffic

By default, the Firebox routes traffic between bridge interfaces but does not apply policies to that traffic. The Firebox does not inspect or log the traffic.

In Fireware v12.7 or higher, you can select to apply firewall policies to traffic that passes between bridge member interfaces, which is known as intra-bridge traffic. In the bridge configuration, if you select Apply firewall policies to intra-bridge traffic, the Firebox inspects and logs this traffic.

To configure intra-bridge traffic inspection, see Create a Network Bridge Configuration.

Log Messages

In Traffic Monitor, you can see log messages for events related to intra-bridge traffic.

In the following example, the Firebox allowed traffic between hosts on different bridge member interfaces that belong to the bridge br0.

Jan 26 17:30:45 2021 M370_sslvpn_bridge local0.warn firewall: msg_id="3000-0148" Allow br0 br0 84 icmp 20 64 10.0.5.96 10.0.5.254 8 0 id=3 seq=138 (Test01-00)

In this log message:

  • br0 — Bridge name
  • Test01-00 — Name of the policy that matched this traffic
  • 10.0.5.96 10.0.5.254 — Hosts on different interfaces that are members of the bridge br0

See Also

About LAN Bridges

Create a Network Bridge Configuration