Scenario no. 2: Multiple ports on the LAN/in interface were used on the SN160(W) firewall

Option 1: Connect a network switch to the SN-S-Series firewall

This option does not require any changes to be made to the configuration. It consists of connecting a network switch (not provided by Stormshield) to port 2 (LAN/in interface) on the SN-S-Series firewall and then connecting users to this switch.

Option 2: Adapt the configuration of the SN-S-Series firewall

If you choose not to connect a switch to port 2 (LAN/in interface) on the SN-S-Series firewall, you will need to change the configuration on the firewall: create a bridge that groups all necessary ports on the SN-S-Series firewall, then transfer the cable connections from the ports on the SN160(W) firewall to the ports of the new bridge on the SN-S-Series firewall.

EXAMPLE

  • Cable for port 2 (LAN/in interface) on the SN160(W) firewall to port 2 (LAN/in interface) on the SN-S-Series firewall,
  • Cable for port 3 (LAN/in interface) on the SN160(W) firewall to port 3 (dmz1 interface) on the SN-S-Series firewall,
  • Cable for port 4 (LAN/in interface) on the SN160(W) firewall to port 4 (dmz2 interface) on the SN-S-Series firewall.

For more information on creating bridges, refer to the section Bridge interface in the SNS v4 user guide.

NOTE
The firewall behavior with this bridge will be similar, but not identical, to the configuration on the SN160(W) firewall. Even with a "pass all" policy, traffic that passes through the bridge will be filtered and inspected: traffic from a host on one port of the bridge to a host on another port of the bridge will be inspected by the intrusion prevention engine.

If a Wi-Fi interface was configured on the SN160W firewall

Configure a Wi-Fi access point (not provided by Stormshield) in the same way that the Wi-Fi interface was configured on the SN160W firewall and connect it to:

NOTE
Regardless of the option chosen, on the SN-S-Series firewall, you need to check/adapt the filter policy relating to traffic from the access point that passes through the firewall, in order to apply the address range of the access point and the interface to which the access point is connected.