Bridge Mode

Bridge mode is a feature that allows you to install your XTM device between an existing network and its gateway to filter or manage network traffic. When you enable this feature, your XTM device processes and forwards all network traffic to other gateway devices. When the traffic arrives at a gateway from the XTM device, it appears to have been sent from the original device.

To use bridge mode, you must specify an IP address that is used to manage your XTM device. The device also uses this IP address to receive security services signature updates and to route traffic to internal DNS, NTP, or WebBlocker servers. Because of this, make sure you assign an IP address that is routable on the Internet.

In bridge mode, L2 and L3 headers are not changed. If you want traffic on the same physical interface of an XTM device to pass through the device, you cannot use bridge mode. In this case, you must use drop-in or mixed routing mode, and set the default gateway of those computers to be the XTM device itself.

When you use bridge mode, your XTM device cannot complete some functions that require the device to operate as a gateway. These functions include:

If you have previously configured these features or services, they are disabled when you switch to bridge mode. To use these features or services again, you must use a different network mode. If you return to drop-in or mixed routing mode, you might have to configure some features again.

When you enable bridge mode, any interfaces with a previously configured network bridge or VLAN are disabled. To use those interfaces, you must first change to either drop-in or mixed routing mode, and configure the interface as External, Optional, or Trusted, then return to bridge mode. Wireless features on XTM wireless devices operate correctly in bridge mode.

When you configure your XTM device in Bridge Mode, the LCD display on your XTM device shows the IP address of the bridged interfaces as 0.0.0.0. This is expected behavior.

To use a network bridge on an XTMv virtual machine on ESXi, you must enable promiscuous mode on the attached virtual switch (vSwitch) in VMware. You cannot use a network bridge on an XTMv virtual machine on Hyper-V, because Hyper-V virtual switches do not support promiscuous mode.

Enable Bridge Mode

To configure the XTM device in bridge mode:

  1. Select Network > Interfaces.
    The Network Interfaces page appears.
  2. From the Configure Interfaces In drop-down list, select Bridge Mode.

Screen shot of the Network Interfaces page, with bridge mode settings

  1. If you are prompted to disable interfaces, click Yes to disable the interfaces, or No to return to your previous configuration.
  2. Type the IP Address of your XTM device in slash notation.
    For more information on slash notation, see About Slash Notation.
  3. Type the Gateway IP address that receives all network traffic from the device.
  4. Click Save.

Allow Management Access from a VLAN

When you configure an XTM device in bridge mode, you cannot configure VLANs on the XTM device. But the XTM device can pass VLAN tagged traffic between 802.1Q bridges or switches. You can optionally configure the XTM device to be managed from a VLAN that has a specified VLAN tag.

To enable management from a VLAN for a device in bridge mode:

  1. Select Network > Interfaces.
    The Network Interfaces page appears.
  2. Select the Allow VLAN tag for management access check box.
  3. Type or select the VLAN ID you want to allow to connect to the device for management access.
  4. Click Save.

See Also

About LAN Bridges

Drop-In Mode

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base