Scribd Logo
Importer

Bienvenue sur Scribd !

  • Implement Transparent Subnet Gateway using Bridge Pair

    Transféré par

    Anchit Kharbanda
    97 vues5 pages
    1. Cyberoam can implement transparent subnet gatewaying using a bridge pair configuration to allow two networks separated by a router to share the same IP subnet. 2. A bridge pair is configured between the WAN and DMZ zones with their IP addresses belonging to the same subnet as the external router. Firewall rules are created to allow traffic between the DMZ and WAN zones. 3. This allows servers in the DMZ zone with the external router as their gateway to be accessible over the internet using public IP addresses from the same subnet as the external router, without changing the server configurations.

    Description originale:

    Transparent Subnet Gateway

    Titre original

    How to Implement Transparent Subnet Gateway Using Bridge Pair

    Copyright

    © © All Rights Reserved

    Formats disponibles

    PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    1. Cyberoam can implement transparent subnet gatewaying using a bridge pair configuration to allow two networks separated by a router to share the same IP subnet. 2. A bridge pair is configured between the WAN and DMZ zones with their IP addresses belonging to the same subnet as the external router. Firewall rules are created to allow traffic between the DMZ and WAN zones. 3. This allows servers in the DMZ zone with the external router as their gateway to be accessible over the internet using public IP addresses from the same subnet as the external router, without changing the server configurations.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    97 vues5 pages

    Implement Transparent Subnet Gateway using Bridge Pair

    Transféré par

    Anchit Kharbanda
    1. Cyberoam can implement transparent subnet gatewaying using a bridge pair configuration to allow two networks separated by a router to share the same IP subnet. 2. A bridge pair is configured between the WAN and DMZ zones with their IP addresses belonging to the same subnet as the external router. Firewall rules are created to allow traffic between the DMZ and WAN zones. 3. This allows servers in the DMZ zone with the external router as their gateway to be accessible over the internet using public IP addresses from the same subnet as the external router, without changing the server configurations.

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 5

    How To Implement Transparent Subnet Gateway

    To Implement
    using How
    Bridge
    Pair Transparent Subnet Gateway using Bridge Pair

    Applicable Version: 10.00 onwards


    Overview
    Transparent Subnet Gatewaying involves configuring two networks, separated by a router, to share
    the same IP subnet. Cyberoam allows you to implement transparent subnet gatewaying with the help
    of a Bridge Pair Configuration.
    Cyberoam can be deployed in Mix Mode, i.e., with the help of Bridge Pairs, both bridge and route
    modes can be configured simultaneously on a single Cyberoam appliance. This feature is especially
    useful in situations where organizations want to avail security features offered by the UTM without any
    change in their existing network gateway configuration.

    Scenario
    Cyberoam is deployed in Gateway Mode. As shown, the FTP Server (1.1.1.5) and Web Server
    (1.1.1.6) are placed in the DMZ zone. While the LANs gateway is Cyberoam, the servers have their
    gateway configured as the External Router (1.1.1.1) which is not subject to change. The servers are
    to be published over the Internet using public IP addresses that belong to the same subnet as
    External Router. This is achieved by implementing Cyberoam as a transparent subnet gateway in
    which the WAN and DMZ zones are configured as a Bridge Pair.

    How To Implement Transparent Subnet Gateway using Bridge Pair

    Configuration
    The entire configuration is to be done from Cyberoam Web Admin Console using profile having readwrite administrative rights for relevant feature(s).
    You can configure a Bridge Pair by following the steps given below.
    Step 1: Configure Bridge Pair
    Go to Network > Interface > Interface and click Add Bridge-Pair to configure the bridge pair using
    the parameters as shown in the table below.

    Parameter

    Value

    Description

    Name

    WAN_DMZ

    Name to Identify the BridgePair

    IP Address

    1.1.1.2

    Specify IP Address for the BridgePair

    Netmask

    /29 (255.255.255.248) Specify the network subnet mask

    Interface 1

    PortB

    Select the first physical interface for the


    bridge pair

    Zone 1

    WAN

    Select zone to which the Interface 1


    belongs

    Interface 2

    PortC

    Select the second physical interface for the


    bridge pair

    Zone 2

    DMZ

    Select zone to which the Interface 2


    belongs

    Primary DNS Server

    8.8.8.8

    Provide the primary DNS server IP address

    Secondary DNS Server

    4.2.2.2

    Provide the secondary DNS server IP


    address

    Gateway Name

    Default_GW

    Name to identify the Gateway

    Gateway IP

    1.1.1.1

    Specify IP Address for the Gateway

    How To Implement Transparent Subnet Gateway using Bridge Pair

    Click OK to add the Bridge Pair.


    Step 2: Create Firewall Rules
    Go to Firewall > Rule > Rule and click Add to create Firewall Rules to allow traffic from DMZ to WAN
    and WAN to DMZ, as shown below.
    DMZ to WAN
    Specify the parameters as shown in the table below.
    Parameters

    Value

    Description

    Name

    DMZ_WAN

    Provide a unique name to identify firewall rule.

    Source Zone

    DMZ

    Select source zone to which the rule applies.

    Destination Zone

    WAN

    Select destination zone to which the rule applies.

    Action

    Accept

    Specify the action for the traffic matching the criteria.

    Apply NAT

    MASQ

    Check Apply NAT and select MASQ as NAT policy

    How To Implement Transparent Subnet Gateway using Bridge Pair

    Click OK to add the rule.


    WAN to DMZ
    Specify the parameters as shown the table below.
    Parameters

    Value

    Description

    Name

    WAN_DMZ

    Provide a unique name to identify firewall rule.

    Source Zone

    WAN

    Select source zone to which the rule applies.

    Destination Zone

    DMZ

    Select destination zone to which the rule applies.

    Action

    Accept

    Specify the action for the traffic matching the criteria.

    Apply NAT

    MASQ

    Check Apply NAT and select MASQ as NAT policy

    How To Implement Transparent Subnet Gateway using Bridge Pair

    Click OK to add the rule.

    Note:
    -

    It is recommended that you allow only the required traffic from WAN to DMZ to ensure
    security.
    Bridged Interfaces do not support few features as compared to Gateway Mode. For details,
    refer to the article Which features are not supported in Bridged Interface/Port?

    Document Version: 2.0 12 March, 2014

    Vous aimerez peut-être aussi