nicolas1984
Explorer

Bridge mode with security gateway 3100 - Possible?

Dear community,

I'm installing a new security appliance 3100 on one site of my company, that has 5 ports (eth1, ..., eth5).

eth1 is connected to WAN with a public IP address

eth2 is connected to LAN with a private IP address 192.168.33.254/24 and a DHCP server for LAN clients.

192.168.33.0/24 is part of a VPN domain. Everything works well with this configuration.

Now, as it's a very small site, I'd like to use eth3, eth4 & eth5 for my LAN network too, so I would not need to use an additional switch. I created a bridge called "br1" with IP address 192.168.33.254 and added eth2 & eth3 as members.

Since then, I'm not able to do anything from eth2 or eth3. I can't get an IP address, and I can't reach the Internet (even with a static IP address). The SmartCenter logs have entries for dropped packets with the reason "Missing OS route".

My questions are:

- Is this design really supported?

- Do you have any idea about what could prevent this design from working?

Thank you in advance for your suggestions.

0 Kudos
4 Replies
Maarten_Sjouw
Champion

To be honest, I would just buy a 5-port switch for 30 bucks and be done with it; spending more time on it is just not worth the effort.
I agree that it should work, but it sounds like this is more a site that should be using a 14x0 instead. The LAN ports there can be set up as a switch, but indeed it is embedded, not full-blown Gaia and when you need it...
Regards, Maarten
0 Kudos
Wolfgang
Authority

nicolas1984,

I think this can't work. If you put two interfaces in bridge mode, they work as a normal bridge, like a hardware bridge from the last century. You then have a small switch, or better, a hub with two interfaces. Packets coming from one side of the bridge are forwarded to the other and vice versa. No routing is done, which you need if you want to go out to the Internet.

Use a small switch and you'll be happy, or Maarten's idea of a 14xx appliance with LAN ports working as a switch.

Wolfgang

0 Kudos
PhoneBoy
Admin

You can only put two interfaces in a bridge.
More than that are not supported.
0 Kudos
Maarten_Sjouw
Champion

There is one other option if you need the extra interfaces: just split your network into smaller chunks and set up DHCP on each separate network assigned to the different interfaces. Add a rule to allow these networks full access to each other and you are good to go.
Regards, Maarten
0 Kudos
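An added example (not part of any post in this thread) of the split suggested in the last reply: it carves 192.168.33.0/24 into one routed subnet per LAN port and checks that every piece stays inside the existing VPN domain. The /26 sizing, the gateway on the last usable address, and giving eth2 the top block so it keeps 192.168.33.254 are assumptions, not settings taken from the thread.

```python
import ipaddress

# Values from the thread: the LAN /24 in the VPN domain and the spare ports.
VPN_DOMAIN = ipaddress.ip_network("192.168.33.0/24")
LAN_PORTS = ["eth2", "eth3", "eth4", "eth5"]


def plan_split(domain, ports):
    """Return one routed subnet per port, carved out of `domain`."""
    # Fewest extra prefix bits that give at least len(ports) subnets.
    extra_bits = (len(ports) - 1).bit_length()
    subnets = list(domain.subnets(prefixlen_diff=extra_bits))
    plan = []
    # Assumption: hand out blocks from the top, so the first port (eth2)
    # keeps the gateway address it already has, 192.168.33.254.
    for port, net in zip(ports, reversed(subnets)):
        hosts = list(net.hosts())
        plan.append({
            "port": port,
            "subnet": net,
            "gateway": hosts[-1],      # assumption: last usable address
            "dhcp_start": hosts[0],    # DHCP pool excludes the gateway
            "dhcp_end": hosts[-2],
        })
    return plan


def check_plan(plan, domain):
    """Verify the pieces do not overlap and all sit inside the VPN domain."""
    nets = [entry["subnet"] for entry in plan]
    for i, net in enumerate(nets):
        if not net.subnet_of(domain):
            raise ValueError(f"{net} falls outside VPN domain {domain}")
        for other in nets[i + 1:]:
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other}")
    return True


if __name__ == "__main__":
    plan = plan_split(VPN_DOMAIN, LAN_PORTS)
    check_plan(plan, VPN_DOMAIN)
    for e in plan:
        print(f'{e["port"]}: {e["subnet"]} gw {e["gateway"]} '
              f'dhcp {e["dhcp_start"]}-{e["dhcp_end"]}')
```

Because every /26 is contained in 192.168.33.0/24, the VPN domain definition does not have to change; traffic between the four subnets is routed by the gateway, so it needs the access rule mentioned in the reply.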