Firewalla Bridge Mode
When we first created Firewalla, we wanted our unit to be versatile enough to fit into any network, big or small. So, we created three ways of deploying Firewalla:
- Simple and DHCP Modes, which augment your network with an easy plug-and-play installation that requires very little change to your existing setup. These modes are limited in features compared to a full router or bridge.
- Router Mode, where you make Firewalla your main router. This mode is unique to the Gold and Purple.
- Transparent Bridge Mode, where you place a Firewalla device physically in the middle of an existing network without modifying the IP address of the network.
Last week we introduced Router Mode, the most popular mode for the Gold and Purple platforms. This week we will look at Bridge Mode, which is lesser-known but can work wonders if your existing network has restrictions.
What is Bridge Mode?
Firewalla Transparent Bridge Mode places a Firewalla device physically in the middle of an existing network without modifying the IP address of the network. A transparent bridge firewall is also called a layer 2 firewall: it forwards frames rather than routing packets, so it can filter traffic without being detected as a hop in the path. Bridge Mode is currently available for Firewalla Purple, Gold, and Gold Plus. However, please note that not all features will work in Bridge Mode.
Bridge Mode is a great option if:
- You'd like to preserve your existing router's functions
- You want to filter traffic without creating additional networks
- Your network is not compatible with Simple Mode, and you don't want to use DHCP Mode
How is Bridge Mode deployed?
When bridged, Firewalla must be placed between a router and a switch or a router and an access point. Firewalla itself will need to acquire an IP address from that router. All network flows passing through Firewalla will be monitored and controlled.
Router <-> Firewalla <-> Wi-Fi access points or switches
Your ISP modem can only issue one IP address, so please do not connect your Firewalla’s WAN port to your modem.
How does Bridge Mode affect my VLANs?
If you have VLANs configured on your router, Firewalla can monitor them in Bridge Mode. To monitor different VLANs on the network, you must use Firewalla's Network Manager to add a new bridge interface with the VLAN ID you want to monitor.
Limitations in Bridge Mode:
Bridge Mode is a layer 2 service. When Bridge Mode is active, all layer 3 (IP layer) services will be disabled. This includes:
- VPN Client
- Policy-Based Routing
- Smart Queue
- Site-to-Site VPN
Please note that if you have devices connected directly to your router (instead of the Firewalla box), Firewalla will still be able to discover those devices, but it will not be able to monitor them.
Also, if you have issues with incoming port forwarding from your main router, please double-check your rules. If you have a blocking rule with the target "Traffic from Internet", please remove it.
How to switch to Bridge Mode:
If you'd like to switch your Firewalla box to Bridge Mode, tap Monitoring from your box's main screen. Then, tap Mode, tap Bridge Mode, and follow the guide to switch.
This is part of our Firewalla Weekly Newsletter. You can sign up here: https://firewalla.com/weekly