Specifications
Advanced Deployment Options
3-9
Advanced Deployment Scenarios
In addition to the basic deployment scenario, administrators can deploy InterScan
Gateway Security Appliance:
• In two transparent proxy modes:
• Transparent proxy mode
• Fully transparent proxy mode
• In a DMZ environment
• In conjunction with a load-balancing device
• In a single-segment environment
• In a multi segment environment
Note: InterScan Gateway Security Appliance cannot be deployed in a tagged VLAN
topology, because the appliance does not support VLAN tags.
Operation Modes
InterScan Gateway Security Appliance implements transparent proxy with bridging.
Note: The appliance can be deployed as an inline (pass-through) device only. It cannot be
used as a router or proxy server.
All Ethernet packets are transferred between INT (eth0) and EXT (eth1) ports. In
transparent proxy with bridging, the appliance is transparent to other computers (that
is, clients, servers, network devices). Other network devices cannot address the appli
-
ance directly. However, they can address it at the network layer if an IP address is
assigned to the virtual bridge interface (br0).
Bridging is a technique for creating a virtual, wide-area Ethernet LAN running on a
single subnet. A network that uses Ethernet bridging combines an Ethernet interface
with one or more virtual tap interfaces and brides them together under the umbrella of
a single bridge interface. Ethernet bridges represent the software analog to a physical
Ethernet switch. An Ethernet bridge is a kind of software switch that network admin
-
istrators can use to connect multiple Ethernet interfaces (either physical or virtual) on
a single computer while sharing a single IP subnet.