User manual

Network Connections
Bridging
The CyberGuard SG may be configured as a network bridge. You may bridge between
network ports (e.g. Internet – LAN) or enable bridging on a single port (typically LAN or
DMZ) for bridging across a VPN connection.
When bridging has been enabled, a Bridge / br0 port will appear in the Connections
menu. It will be allocated the IP address of the port on which bridging was enabled. This
IP address will be used primarily for accessing the CyberGuard SG appliance
management console, and does not have to be part of the networks that the CyberGuard
SG appliance may be used to bridge between.
Bridging between network ports
Select Bridged (Internet/DMZ/LAN) on the two ports to create a bridge between them.
The CyberGuard SG appliance will learn which computers or devices are present on
either side of the bridge and direct traffic appropriately.
Note
When the CyberGuard SG appliance is bridging between LAN and Internet, it will not be
performing NAT/masquerading. PCs will typically use an IP address on the network
connected to the CyberGuard SG appliance’s Internet port as their gateway, rather than
the CyberGuard SG appliance itself.
Bridging across a VPN connection
Bridging across a VPN connection is useful for:
- Sending IPX/SPX over a VPN, something that is not supported by other VPN
  vendors.
- Serving DHCP addresses to remote sites to ensure that they are under better
  control.
- Allowing users to make use of protocols that do not work well in a WAN
  environment (e.g. NetBIOS).
A guide to bridging across an IPSec tunnel using GRE is provided in the section entitled
GRE over IPSec in the Virtual Private Networking chapter.