topic Re: Bridge Mode VS in Firewall and Security Management

Bridge Mode VS

CyberBreaker — Thu, 19 Mar 2020 05:16:42 GMT

Hi Guys,

I am struggling to configure bridge mode in my VS with active/standby clusterXL. In my understanding, if you are running bridge mode, you need to have bridge interface however, when I tried to create a new VS, it asked me to tag the VLAN and asked what is the external and internal interfaces.

So I created a bridge interfaces beforehand I enabled the VSX feature and created the bridge ID in the smart console as shown below,

br1 = eth1 and eth2

br2 = eth3 and eth4

In the smart console, I created a new VS and associate br1.x (x = VLAN ID). Is this the correct way to configure the bridge mode in VSX? Also, how can you determine the external and internal if you only have now br interface?

Thank you.

Re: Bridge Mode VS

PhoneBoy — Sun, 22 Mar 2020 00:21:45 GMT

That sounds correct.
In general you should mark Bridge interfaces as External.

Re: Bridge Mode VS

CyberBreaker — Sun, 22 Mar 2020 06:21:23 GMT

Hi @PhoneBoy,

so I created the "br1" and "br2" in GAIA however, when I configure the VS in SmartConsole, it ask me for a VLAN. Do I need to put the VLAN per "br" interface? For example, br1.20 then br1.30?

Another way that I tried it to setup everything in Smart Console which includes the VS in bridge mode then I configured the following interfaces,

eth1.X and eth2.X

eth1.Y and eth2.Y

eth1.Z and eth2.Z

Then, Smart Conole successfully pushed down the config and policy to the VS then when I checked the CLI of the gateway, it created automatically the bridge interfaces.

Is this correct also?

Thanks

Re: Bridge Mode VS

PhoneBoy — Sun, 22 Mar 2020 06:25:55 GMT

I believe both of those approaches will work.
However, I will have to defer to someone with a little more recent VSX experience than me 🙂

Re: Bridge Mode VS

CyberBreaker — Sun, 22 Mar 2020 06:28:18 GMT

Thank you so much @PhoneBoy, it is such a bit tricky to configure VS in bridge mode compare to a non-VS gateway.

Re: Bridge Mode VS

Maarten_Sjouw — Sun, 22 Mar 2020 07:45:01 GMT

When you add the BR1 and BR2 interfaces to your VSX gateway, and you do not want to use VLAN's on thoes interfaces, you should not tick the Trunk box in that list. So when it is asking for VLAN information the interface has been set to trunk in topology, just untick that and you should not get the VLAN request.

Re: Bridge Mode VS

CyberBreaker — Sun, 22 Mar 2020 07:57:32 GMT

Hi @Maarten_Sjouw ,

Thanks for the feedback. But if I did not tick the TRUNK box, does it means that the bridge interfaces will not act as a trunk? My target is to make my bridge interfaces as trunk so that whatever VLANs configured in the switches, it can pass through the VS.

Also, the other way that I tried is to configure my VS as bridge mode then I configured in Smart Console the eth1.X and eth2.X then eth1.Y and eth2.Y. The when I checked the CLI, it automatically configured bridge interfaces.

Thank you so much.

Re: Bridge Mode VS

Maarten_Sjouw — Sun, 22 Mar 2020 18:07:00 GMT

I really can't tell you as I have never needed this nor tested it. But you could try it yourself, however I think you really do need to add the VLAN subinterface for those VLANs you want to allow through.