A network bridge operates at the data link layer (L2) of the OSI model. On receiving a frame, it checks whether the MAC address in the frame belongs to the same subnetwork. If it does not, the bridge sends (broadcasts) the frame to the target segment; otherwise, the bridge does nothing.
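The forwarding decision described above, modelled as an added example (not UserGate code; port names and MAC addresses are constructed). It goes beyond the paragraph by including address learning and flooding of broadcast or not-yet-learned destinations, and it shows that frames between hosts on the same segment never cross the bridge, so a filter placed inline on the bridge does not see them.

```python
# Added illustration: a minimal learning bridge (constructed model, not UserGate code).
# Port names and MAC addresses are made up for the example.

def is_group(mac):
    """True for broadcast/multicast: lowest bit of the first octet is set."""
    return int(mac.split(":")[0], 16) & 1 == 1


class LearningBridge:
    def __init__(self, ports):
        self.ports = tuple(ports)
        self.fdb = {}  # forwarding database: MAC -> port it was last seen on

    def handle(self, in_port, src, dst):
        """Return the ports the frame is sent out of; [] means it is not forwarded."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port!r}")
        self.fdb[src] = in_port  # learn which segment the sender is on
        others = [p for p in self.ports if p != in_port]
        if is_group(dst):
            return others        # broadcast/multicast: flood to the other segment(s)
        out = self.fdb.get(dst)
        if out is None:
            return others        # destination not learned yet: flood
        if out == in_port:
            return []            # destination is on the ingress segment: do nothing
        return [out]             # destination is on another segment: forward


def crossing_frames(bridge, frames):
    """Frames that traverse the bridge, i.e. the only ones an inline L2 filter sees."""
    return [f for f in frames if bridge.handle(*f)]


# Constructed sample traffic: (ingress port, source MAC, destination MAC)
FRAMES = [
    ("port1", "02:00:00:00:00:0a", "ff:ff:ff:ff:ff:ff"),  # host A broadcasts
    ("port2", "02:00:00:00:00:0c", "02:00:00:00:00:0a"),  # host C answers A
    ("port1", "02:00:00:00:00:0b", "02:00:00:00:00:0a"),  # host B to A, same segment
    ("port1", "02:00:00:00:00:0a", "02:00:00:00:00:0c"),  # host A to C
]

if __name__ == "__main__":
    bridge = LearningBridge(["port1", "port2"])
    for frame in FRAMES:
        print(frame, "->", bridge.handle(*frame) or "not forwarded")
```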
An interface bridge can be used in UserGate in the same way as a standard interface. In addition, a bridge can be configured for content filtering at L2 without any changes to the existing corporate network infrastructure. The easiest way to use UserGate for content filtering at L2 is as follows:
When creating a bridge, you can specify its working mode type: Layer 2 or Layer 3.
In the Layer 2 mode, the newly created bridge does not need any IP addresses, routes or gateways for proper operation. A bridge in this mode works at the MAC address level and broadcasts packets among segments. In Layer 2 mode you cannot use Content filtering and Mail security, while all other filtering mechanisms are supported.
When the Layer 3 mode is selected, make sure to assign an IP address to the bridge being created and provide the routes to networks connected to the bridge interfaces. In this mode, you can use all filtering mechanisms available in UserGate.
When creating a bridge on a UserGate appliance that features a network adapter with bypass mode, you can merge two interfaces into a single bypass bridge. A bypass bridge automatically switches the two selected interfaces to bypass mode (i.e. connects them directly, so that traffic passes between them without going through UserGate) in the following cases:
- The UserGate appliance is powered off.
- The internal diagnostic system detected an issue in the UserGate software.
For more details on network interfaces that support the bypass mode, please refer to the specifications for UserGate appliances.
Click Add a new bridge to merge multiple physical interfaces into a new interface bridge. Make sure to specify the following parameters:
| Name | Description |
|---|---|
| Enabled | Enables the interface bridge. |
| Name | Interface name. |
| Type | The bridge network type: Layer 3 or Layer 2. |
| Node name | A node in the UserGate cluster where the new interface bridge will be created. |
| Zone | A zone to which the interface bridge will belong. |
| Bridge interfaces | Two interfaces that will be used for creating the interface bridge. |
| Bypass bridge interfaces | A pair of interfaces that are eligible for creating a bypass bridge. A UserGate appliance with a specific network card is required. |
| STP (Spanning Tree Protocol) | Enables STP to protect the network from loops. |
| Forward delay | A delay before switching the bridge into active mode (Forwarding) when STP is enabled. |
| Maximum age | A timeout after which an STP connection is considered lost. |
| Network | Assignment of IP addresses: no address, a static IP address, or a dynamic IP address obtained through DHCP. |
| DHCP relay | Configuring a DHCP relay for a bond interface. Enable a DHCP relay, then in the UserGate address field, enter the IP address of the interface to which you want to add a relay, and specify one or more DHCP servers to which DHCP queries from clients should be routed. |