Create a Network Bridge Configuration

To use a network bridge, you must create a bridge configuration and assign one or more network interfaces to the bridge.

To use a network bridge on a FireboxV virtual machine on ESXi, you must enable promiscuous mode on the attached virtual switch (vSwitch) in VMware. You cannot use a network bridge on a FireboxV virtual machine on Hyper-V, because Hyper-V virtual switches do not support promiscuous mode.

The procedure to configure a network bridge is different in Fireware Web UI than it is in Policy Manager.

Configure a Network Bridge From Policy Manager

To change the interface used to manage the Firebox to a bridge, we recommend that you use Policy Manager. If you use Policy Manager, you can complete all interface configuration settings before you save the updated configuration to the Firebox.

  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. Select the Bridge tab.
  3. Click Add.
    The New Bridge Configuration dialog box appears.

New Bridge Configuration dialog box

  1. Type a Name or Alias for the new bridge. This name identifies the bridge in network interface configurations.
  2. (Optional) In the Description text box, type a description of the bridge.
  3. From the Security Zone list, select Trusted or Optional. The bridge is added to the alias of the zone you specify.

For example, if you choose the Optional security zone, the bridge is added to the Any-Optional network alias.

  1. Type an IP address in slash notation for the bridge to use.
    For more information, go to About Slash Notation.
  2. To set the method of IP address distribution for the bridge, select Disable DHCP, Use DHCP Server, or Use DHCP Relay.
  3. If you selected Use DHCP Server or Use DHCP Relay, configure the DHCP and DNS/WINS settings.
    For more information about DHCP configuration, go to Configure an IPv4 DHCP Server and Configure DHCP Relay.
  4. (Fireware v12.7 or higher) To configure the Firebox to inspect and log traffic that passes between bridge member interfaces, select Apply firewall policies to intra-bridge traffic. By default this option is not selected. If you keep this option unselected, the Firebox allows the traffic but does not inspect or log the traffic. For more information, go to Apply Polices to Intra-Bridge Traffic.
  5. To create one or more secondary network IP addresses, select the Secondary tab.
    For more information, go to Add a Secondary Network IP Address.
  6. To configure a bridge to use IPv6, select the IPv6 tab.
    For information about IPv6 settings, go to Configure IPv6 for a Trusted or Optional Interface.
  7. To enable Spanning Tree Protocol, select the Bridge Protocols tab, and select Enable Spanning Tree Protocol.
    For information about Spanning Tree Protocol, go to About Spanning Tree Protocol.
  8. Click OK.

Configure a Network Bridge From Fireware Web UI

Before you change the interface that you use to manage the Firebox to a bridge, make sure the device has at least one other interface that you can use to connect to with the Web UI for management. If you want to use the Web UI to change an interface to a bridge interface, you must connect to a different interface to make this change.

WARNING: Do not change the interface that you currently use to connect to the Web UI to a bridge interface. This causes you to immediately lose the management connection to the Firebox.

To change the trusted or optional interface you use for management to a bridge interface, from Fireware Web UI:

  1. Configure another trusted or optional interface to use as a temporary management interface.
  2. Connect the management computer to the new interface, and log in to the Web UI.
  3. Change the original management interface to a bridge interface, and configure a LAN bridge that includes this interface.
  4. Connect the management computer to the original management interface.
  5. Disable the temporary management interface.

Before you can configure a bridge in the Web UI, you must set one or more physical or wireless interfaces to type Bridge.

  1. Select Network > Bridge.
    The Bridge page appears. A list of Bridge interfaces appears at the top of the page.

  1. To configure an interface as type Bridge, click Configure.
    The Interfaces page appears.
  2. Select the interface to use as a bridged interface and click Edit.
    We recommend that you select an interface not currently in use.

WARNING: If you change the interface you used to connect to the Web UI to a bridge interface, you immediately lose your connection to the Web UI, and must use a different configured interface to reconnect.

  1. Set the Interface Type to Bridge.
  2. Repeat Steps 4 and 5 for each interface you want to bridge.
  3. Click Save.

To add a wireless access point (Access Point 1, Access Point 2, or Access Point 3) to a bridge, you must first set the Interface Type in the wireless access point settings to Bridge. For more information, go to Enable Wireless Connections. The numbers for wireless interfaces are ath1, ath2, and ath3.

For more information about wireless interface numbers, go to About Network Modes and Interfaces.

After you configure at least one bridge interface, you can create the bridge.

  1. Select Network > Bridge.
    The Bridge page appears.
  2. Click Add.
    The Bridge Settings tab appears.

Bridge configuration settings

  1. Type a Name and Description (optional) for the bridge configuration.
  2. From the Security Zone drop-down list, select an available zone.
  3. Type an IP Address in slash notation for the bridge.
    The bridge is added to the alias of the security zone you specify.
  4. To add network interfaces, select the check box adjacent to each network interface to add to the bridge configuration.
  5. To configure DHCP settings, select the DHCP tab.
    From the DHCP Mode drop-down list, select DHCP Server or DHCP Relay.
    For more information about DHCP configuration, go to Configure an IPv4 DHCP Server or Configure DHCP Relay.
  6. (Fireware v12.7 or higher) To configure the Firebox to inspect and log traffic that passes between bridge member interfaces, select Apply firewall policies to intra-bridge traffic. By default this option is not selected. If you keep this option unselected, the Firebox allows the traffic but does not inspect or log the traffic. For more information, go to Apply Polices to Intra-Bridge Traffic.
  7. To add secondary networks to the bridge configuration, select the Secondary tab.
    Type an IP address in slash notation and click Add.
    For more information on secondary networks, go to Add a Secondary Network IP Address.
  8. To configure a bridge to use IPv6, select the IPv6 tab.
    For information about IPv6 settings, go to Configure IPv6 for a Trusted or Optional Interface.
  9. To enable Spanning Tree Protocol, select the Bridge Protocols tab, and select Enable Spanning Tree Protocol.
    For information about Spanning Tree Protocol, go to About Spanning Tree Protocol.
  10. Click Save.

You cannot delete a bridge configuration if wireless interfaces are currently assigned to the bridge. To delete the bridge, you must first remove the wireless interfaces assigned to the bridge.

SRelated Topics

About LAN Bridges

Assign a Network Interface to a Bridge

Apply Polices to Intra-Bridge Traffic