topic Re: Plz urgent help in Bridge+Tap mode in General Topics

Plz urgent help in Bridge+Tap mode

hamza-zidane — Tue, 20 Mar 2018 22:38:00 GMT

Hello

I just need a confirmation if i can configure a TAP interface + 2 bridges interfaces, and make 2 policy rules, one for TAP and the second for the bridge, in order to generate logs for TAP and bridge traffic at once, that is possible?

Thanks

Re: Plz urgent help in Bridge+Tap mode

jvalentine — Tue, 20 Mar 2018 23:20:42 GMT

When you configure the TAP port, you must assign that port into a "Zone". When you create this zone, you must define it as a Zone to be used for TAP interfaces. (Call it anything you like, I typically use tapzone).

When you use v-wire or L2 bridging, you will create a pair of zones (trust & untrust, inside & outside, etc.) that will also need to be defined as "v-wire" or "L2"-specific zones.

In your security policy, you would then use 2 different rules:

1.) permit from tapzone to tapzone all apps, all ports, all content features, logging enabled

2.) permit from trust to untrust, specific app, application-default port, content features enabled, logging enabled, etc.

Does that answer the question?

Re: Plz urgent help in Bridge+Tap mode

hamza-zidane — Tue, 20 Mar 2018 23:31:03 GMT

ok that mean i can configure the PA for TAP and bridge mode at once, ok that was very helpful i thank you very very much.

NB:(for bridge mode i think also i can use one ZONE layer2 for exmple)

Re: Plz urgent help in Bridge+Tap mode

jvalentine — Tue, 20 Mar 2018 23:38:40 GMT

Each interface can be configured to support a specific mode. You may select one mode per interface (and sometimes, per sub-interface). For your configuration, you would need 1 port for TAP mode, and then use other ports for other modes (such as L2, L3, v-wire, HA, etc.)

Re: Plz urgent help in Bridge+Tap mode

hamza-zidane — Wed, 21 Mar 2018 08:42:26 GMT

thank you very much brother