Plz urgent help in Bridge+Tap mode


L2 Linker

Hello

I just need confirmation: can I configure a TAP interface + 2 bridge interfaces, and make 2 policy rules, one for TAP and the second for the bridge, in order to generate logs for TAP and bridge traffic at once? Is that possible?

 

Thanks

Accepted Solutions

L7 Applicator

When you configure the TAP port, you must assign that port into a "Zone".  When you create this zone, you must define it as a Zone to be used for TAP interfaces.  (Call it anything you like, I typically use tapzone).  

 

When you use v-wire or L2 bridging, you will create a pair of zones (trust & untrust, inside & outside, etc.) that will also need to be defined as "v-wire" or "L2"-specific zones.  

 

In your security policy, you would then use 2 different rules:

1.) permit from tapzone to tapzone all apps, all ports, all content features, logging enabled

2.) permit from trust to untrust, specific app, application-default port, content features enabled, logging enabled, etc.  

 

Does that answer the question?
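
The layout described in this answer, written as PAN-OS configure-mode `set` commands. This is an added example, not part of the original thread: the interface numbers, VLAN name, rule names, the `web-browsing` application and the use of the predefined `default` profiles are assumptions, and it assumes a single-vsys firewall. Lines starting with `#` are annotations only.

```text
# --- One mode per interface (port numbers are assumed) ---
set network interface ethernet ethernet1/1 layer2
set network interface ethernet ethernet1/2 layer2
set network interface ethernet ethernet1/3 tap

# --- Bridge the two Layer 2 ports in one VLAN (VLAN name is assumed) ---
set network vlan bridge-vlan interface [ ethernet1/1 ethernet1/2 ]

# --- Zones: the zone type must match the interface mode ---
set zone tapzone network tap ethernet1/3
set zone trust network layer2 ethernet1/1
set zone untrust network layer2 ethernet1/2

# --- Rule 1: TAP visibility, tapzone to tapzone, everything, logged ---
set rulebase security rules tap-visibility from tapzone to tapzone
set rulebase security rules tap-visibility source any destination any
set rulebase security rules tap-visibility application any service any
set rulebase security rules tap-visibility action allow log-end yes
set rulebase security rules tap-visibility profile-setting profiles virus default
set rulebase security rules tap-visibility profile-setting profiles spyware default
set rulebase security rules tap-visibility profile-setting profiles vulnerability default

# --- Rule 2: bridge traffic, trust to untrust, specific app, logged ---
set rulebase security rules bridge-web from trust to untrust
set rulebase security rules bridge-web source any destination any
set rulebase security rules bridge-web application web-browsing service application-default
set rulebase security rules bridge-web action allow log-end yes
set rulebase security rules bridge-web profile-setting profiles virus default
set rulebase security rules bridge-web profile-setting profiles spyware default
set rulebase security rules bridge-web profile-setting profiles vulnerability default

commit
```

Because each rule names its own zone pair, the traffic log can be filtered per rule name to separate TAP-observed sessions from bridged sessions.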

4 REPLIES 4

OK, that means I can configure the PA for TAP and bridge mode at once. OK, that was very helpful, I thank you very, very much.

NB: (for bridge mode I think I can also use one Layer 2 zone, for example)

Each interface can be configured to support a specific mode.  You may select one mode per interface (and sometimes, per sub-interface).  For your configuration, you would need 1 port for TAP mode, and then use other ports for other modes (such as L2, L3, v-wire, HA, etc.)  

thank you very much brother
