Configuring interfaces on a bypass segment

This section shows how to configure interfaces on a bypass segment in the SNS firewall web administration interface.

Accessing interface configuration panel

Go to Configuration > Network > Interfaces.

In the grid:

  • The icon indicates the SNS firewall connection interface. If the IP address of this interface is changed during configuration, the connection to the SNS firewall will be lost, and you will need to use the new IP address to connect again.

  • The icon indicates that an interface is associated with a bypass segment. This icon does not appear in SNS 4.3 LTSB versions. If several bypass segments are available, you can scroll over the icon to display the name of the other interface in the bypass segment.

Grouping interfaces from the bypass segment into a bridge

To enable the bypass mechanism on a bypass segment, you will need to group both of its interfaces into a bridge. Although this grouping is not mandatory on SNi40 and SNi20 firewalls, it is strongly recommended.

NOTE
On SNS firewalls that are equipped with a network module, the bypass mechanism cannot be enabled on aggregated module interfaces.

  1. Go to the interface configuration panel.

  2. Click on Add > Bridge > No members.

  3. Give the bridge a name, then click on Apply.

  4. The bridge configuration window appears. In the Address range section, define the desired address range.

  5. In Managing members, select the interfaces of the bypass segment in question.

  6. Click on Apply.

If the interfaces in question and/or address range entered are already being used in the SNS firewall configuration, errors will appear in the Verification of the configuration section. In this case, you need to adapt the SNS firewall configuration and/or select another address range before you can group the interfaces into a bridge.

Once you have created the bridge with the interfaces from the bypass segment:

  • On SNS firewalls that have several bypass segments, the icon is now next to the bridge,

  • On SNi40 and SNi20 firewalls, the icon remains next to the interfaces from the bypass segment.

Optimizing interface and bridge configuration

You can optimize the configuration of interfaces from the bypass segment and the bridge to speed up the bypass process. These optimizations are recommended.

Configuring the same media on both bypass segment interfaces

  1. Go to the interface configuration panel.

  2. Double-click on the first interface in the bypass segment.

  3. In the Advanced properties tab, select the appropriate Media for your environment.

  4. Click on Apply.

  5. Double-click on the second interface in the bypass segment.

  6. In the Advanced properties tab, select the same Media.

  7. Click on Apply.

Disabling Spanning Tree protocols on the bridge

  1. Go to the interface configuration panel.

  2. Double-click on the bridge that groups both bypass segment interfaces.

  3. In the Advanced properties tab, under Loops detection (Spanning Tree), ensure that Disable Spanning Tree protocols has been selected.

  4. Click on Apply.