topic Re: Bridge mode with security gateway 3100 - Possible? in Endpoint

Bridge mode with security gateway 3100 - Possible?

nicolas1984 — Fri, 11 Oct 2019 09:49:14 GMT

Dear community,

I'm installing a new security appliance 3100 on one site of my company, that has 5 ports (eth1, ..., eth5).

eth1 is connected to WAN with a public IP address

eth2 is connected to LAN with a private IP address 192.168.33.254/24 and a DHCP server for LAN clients.

192.168.33.0/24 is part of a VPN domain. Everything works well with this configuration.

Now, as it's a very small site, I'd like to use eth3, eth4 & eth5 for my LAN network too, so I would not need to use an additional switch. I created a bridge called "br1" with IP address 192.168.33.254 and added eth2 & eth3 as members.

Since, I'm not able to do anything from eth2 or eth3. I can't get an IP address, I can't reach Internet (even with a static IP address). The SmartCenter logs have entry for dropped packets with reason "Missing OS route".

My questions are:

- Is this design really supported?

- Do you have any idea about what could prevent this design from working?

Thank you in advance for your suggestions.

Re: Bridge mode with security gateway 3100 - Possible?

Maarten_Sjouw — Fri, 11 Oct 2019 17:33:29 GMT

To be honest I would just buy a 5 port switch for 30 bucks and be done with it, spending more time on it is just not worth the effort.
I agree that it should work but it sounds like this is more a site that should be using a 14x0 instead, the LAN ports there can be setup as a switch, but indeed it is embedded, not full blown Gaia and when you need it...

Re: Bridge mode with security gateway 3100 - Possible?

Wolfgang — Fri, 11 Oct 2019 21:23:05 GMT

nicolas1984,

I think this can‘t work. If you put two interfaces in bridge mode, the work as a normal bridge like a hardware bridge from the last century. You had then a small switch or better hub with two interfaces. Packets coming from one site of the bridge are forwarded to the other and vice versa. No routing is done, which you need if you want to go out to the internet.

Use a small switch and you‘ll be happy, or Martens idea for a 14xx appliance with LAN-Ports working as switch.

Wolfgang

Re: Bridge mode with security gateway 3100 - Possible?

PhoneBoy — Fri, 11 Oct 2019 21:50:08 GMT

You can only put two interfaces in a bridge.
More than that are not supported.

Re: Bridge mode with security gateway 3100 - Possible?

Maarten_Sjouw — Sat, 12 Oct 2019 07:25:33 GMT

There is one other option if you need the extra interfaces, just split your network into smaller chunks and setup DHCP on each separate network assigned to the different interfaces. Add a rule to allow these networks full access to each other and you are good to go.