Related Topics
Create a Network Bridge Configuration
To use a network bridge, you must create a bridge configuration and assign one or more network interfaces to the bridge.
To use a network bridge on a FireboxV or XTMv virtual machine on ESXi, you must enable promiscuous mode on the attached virtual switch (vSwitch) in VMware. You cannot use a network bridge on a FireboxV or an XTMv virtual machine on Hyper-V, because Hyper-V virtual switches do not support promiscuous mode.
The procedure to configure a network bridge is different in Fireware Web UI than it is in Policy Manager.
Configure a Network Bridge From Policy Manager
To process to change the interface that you use to manage the Firebox to a bridge is easier from Policy Manager, because you can complete all interface configuration settings before you save the updated configuration to the Firebox.
- Select Network > Configuration.
The Network Configuration dialog box appears. - Select the Bridge tab.
- Click Add.
The New Bridge Configuration dialog box appears.
- Type a Name or Alias for the new bridge. This name is used to identify the bridge in network interface configurations.
- (Optional) In the Description text box, type a description of the bridge.
- From the Security Zone list, select Trusted or Optional. The bridge is added to the alias of the zone you specify.
For example, if you choose the Optional security zone, the bridge is added to the Any-Optional network alias.
- Type an IP address in slash notation for the bridge to use.
For more information, see About Slash Notation. - To set the method of IP address distribution for the bridge, select Disable DHCP, Use DHCP Server, or Use DHCP Relay. If necessary, configure your DHCP server, DHCP relay, DNS/WINS server, and DHCP Options settings.
For more information about DHCP configuration, see Configure an IPv4 DHCP Server and Configure DHCP Relay. - To create one or more secondary network IP addresses, select the Secondary tab.
For more information, see Add a Secondary Network IP Address. - To configure a bridge to use IPv6, select the IPv6 tab.
For information about IPv6 settings, see Configure IPv6 for a Trusted or Optional Interface. - To enable Spanning Tree Protocol, select the Bridge Protocols tab, and select Enable Spanning Tree Protocol. Tip!This setting is only available if your Firebox runs Fireware v11.12.2 and higher.
For information about Spanning Tree Protocol, see About Spanning Tree Protocol. - Click OK.
Configure a Network Bridge From Fireware Web UI
Before you change the interface that you use to manage the Firebox to a bridge, make sure the device has at least one other interface that you can use to connect to with the Web UI for management. If you want to use the Web UI to change an interface to a bridge interface, you must connect to a different interface to make this change.
Do not change the interface that you currently use to connect to the Web UI to a bridge interface. This causes you to immediately lose the management connection to the Firebox.
To change the trusted or optional interface you use for management to a bridge interface, from Fireware Web UI:
- Configure another trusted or optional interface to use as a temporary management interface.
- Connect the management computer to the new interface, and log in to the Web UI.
- Change the original management interface to a bridge interface, and configure a LAN bridge that includes this interface.
- Connect the management computer to the original management interface.
- Disable the temporary management interface.
Before you can configure a bridge in the Web UI, you must set one or more physical or wireless interfaces to type Bridge.
- Select Network > Bridge.
The Bridge page appears. A list of Bridge interfaces appears at the top of the page.
- To configure an interface as type Bridge, click Configure.
The Interfaces page appears. - Select the interface to use as a bridged interface.
We recommend that you select an interface not currently in use.
If you change the interface you used to connect to the Web UI to a bridge interface, you immediately lose your connection to the Web UI, and must use a different configured interface to reconnect.
- Click Configure.
- Set the Interface Type to Bridge.
- Repeat Steps 4 and 5 for each interface you want to bridge.
- Click Save.
To add a wireless access point (Access Point 1, Access Point 2, or Access Point 3) to a bridge, you must first set the Interface Type in the wireless access point settings to Bridge. For more information, see Enable Wireless Connections. The numbers for wireless interfaces are ath1, ath2, and ath3.
For more information about wireless interface numbers, see About Network Modes and Interfaces.
After you configure at least one bridge interface, you can create the bridge.
- Select Network > Bridge.
The Bridge page appears. - Click Add.
The Bridge Settings tab appears.
- Type a Name and Description (optional) for the bridge configuration.
- From the Security Zone drop-down list, select an available zone and type an IP Address in slash notation for the bridge.
The bridge is added to the alias of the security zone you specify. - To add network interfaces, select the check box adjacent to each network interface to add to the bridge configuration.
- To configure DHCP settings, select the DHCP tab.
From the DHCP Mode drop-down list, select DHCP Server or DHCP Relay.
For more information on DHCP configuration, see Configure an IPv4 DHCP Server or Configure DHCP Relay. - To add secondary networks to the bridge configuration, select the Secondary tab.
Type an IP address in slash notation and click Add.
For more information on secondary networks, see Add a Secondary Network IP Address. - To configure a bridge to use IPv6, select the IPv6 tab.
For information about IPv6 settings, see Configure IPv6 for a Trusted or Optional Interface. - To enable Spanning Tree Protocol, select the Bridge Protocols tab, and select Enable Spanning Tree Protocol. Tip!This setting is only available if your Firebox runs Fireware v11.12.2 and higher.
For information about Spanning Tree Protocol, see About Spanning Tree Protocol. - Click Save.