5.2.3. Creating a bridge

A network bridge operates at the data link layer (L2) of the OSI model and, upon receiving a frame, checks whether the MAC address in the frame is part of the subnetwork. If the MAC address is not part of the subnetwork, the bridge sends (broadcasts) the frame to the target segment; otherwise, the bridge does nothing.

An interface bridge can be used in UserGate in the same way as a standard interface. In addition, a bridge can be configured for content filtering at L2 without any changes to the existing corporate network infrastructure. The easiest way to use UserGate for content filtering at L2 is as follows:

[Figure: UserGate deployed as a bridge for content filtering at L2]

When creating a bridge, you can specify its operating mode: Layer 2 or Layer 3.

In the Layer 2 mode, the newly created bridge does not need any IP addresses, routes or gateways for proper operation. A bridge in this mode works at the MAC address level and broadcasts packets among segments. In Layer 2 mode you cannot use Content filtering and Mail security, while all other filtering mechanisms are supported.

When the Layer 3 mode is selected, make sure to assign an IP address to the bridge being created and provide the routes to networks connected to the bridge interfaces. In this mode, you can use all filtering mechanisms available in UserGate.

When creating a bridge on a UserGate appliance that features a network adapter with the bypass mode, you can merge two interfaces into a single bypass bridge. A bypass bridge automatically switches the two selected interfaces to the bypass mode (i.e. connects them directly to each other, so that traffic skips UserGate and is therefore not filtered) in the following cases:

  • The UserGate appliance is powered off.

  • The internal diagnostic system detects an issue in the UserGate software.

For more details on network interfaces that support the bypass mode, please refer to the specifications for UserGate appliances.

Click Add a new bridge to merge multiple physical interfaces into a new interface bridge. Make sure to specify the following parameters:

  • Enabled: enables the interface bridge.

  • Name: the interface name.

  • Type: the bridge network type, Layer 3 or Layer 2.

  • Node name: the node in the UserGate cluster where the new interface bridge will be created.

  • Zone: the zone to which the interface bridge will belong.

  • Bridge interfaces: the two interfaces that will be used for creating the interface bridge.

  • Bypass bridge interfaces: a pair of interfaces eligible for creating a bypass bridge. A UserGate appliance with a specific network card is required.

  • STP (Spanning Tree Protocol): enables STP to protect the network from loops.

  • Forward delay: the delay before the bridge switches into the active mode (Forwarding) when STP is enabled.

  • Maximum age: the timeout after which an STP connection is considered lost.

  • Network: assignment of IP addresses: no address, a static IP address, or a dynamic IP address obtained through DHCP.

  • DHCP relay: configuring a DHCP relay for a bond interface. Enable a DHCP relay, then in the UserGate address field, enter the IP address of the interface to which you want to add a relay, and specify one or more DHCP servers to which DHCP queries from clients should be routed.
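A pre-deployment check of planned bridge settings against the constraints described in this section, as an added example that is not UserGate code or part of the original documentation. The field names, port names and sample plans are hypothetical, timer values are assumed to be in seconds, and the STP timer relation comes from IEEE 802.1D rather than from this page.

```python
# Added example: field names are hypothetical, not UserGate's API or export format.
from dataclasses import dataclass, field

L2_UNAVAILABLE = {"content_filtering", "mail_security"}  # per the Layer 2 mode description

@dataclass
class BridgePlan:
    name: str
    mode: str                       # "layer2" or "layer3"
    interfaces: tuple               # the two bridged ports
    address: str = ""               # static IP/prefix, "dhcp", or "" for no address
    routes: list = field(default_factory=list)
    bypass: bool = False
    stp: bool = False
    forward_delay: int = 15         # seconds (assumed unit; IEEE 802.1D default)
    max_age: int = 20               # seconds (assumed unit; IEEE 802.1D default)
    wanted_filters: set = field(default_factory=set)

def review(plan):
    """Return a list of findings for one planned bridge."""
    findings = []
    if len(set(plan.interfaces)) != 2:
        findings.append("bridge needs two distinct interfaces")
    if plan.mode == "layer2":
        blocked = sorted(plan.wanted_filters & L2_UNAVAILABLE)
        if blocked:
            findings.append("not available in Layer 2 mode: " + ", ".join(blocked))
    elif plan.mode == "layer3":
        if not plan.address:
            findings.append("Layer 3 bridge has no IP address")
        if not plan.routes:
            findings.append("Layer 3 bridge has no routes to connected networks")
    else:
        findings.append("unknown mode: " + plan.mode)
    if plan.bypass and plan.wanted_filters:
        findings.append("bypass bridge fails open: traffic is unfiltered on power-off or software fault")
    if plan.stp and not 2 * (plan.forward_delay - 1) >= plan.max_age:
        findings.append("STP timers violate 2*(forward_delay-1) >= max_age")
    return findings

# Constructed sample plans
PLANS = [
    BridgePlan("br-dmz", "layer2", ("port2", "port3"), wanted_filters={"content_filtering"}),
    BridgePlan("br-core", "layer3", ("port4", "port5"), address="10.0.0.1/24",
               routes=["10.0.1.0/24"], bypass=True, stp=True, forward_delay=4,
               max_age=20, wanted_filters={"mail_security"}),
]

if __name__ == "__main__":
    for p in PLANS:
        print(p.name, review(p))
```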