Deploying Transparent Mode
Transparent mode is also known as bridge mode or transparent bridging mode. Transparent mode is used when the IT administrator does not wish to change the existing network layout. Normally, the existing network has already set up routers and switches. The firewall will be used as a security device.
Transparent mode has the following advantages:
- No need to change IP addresses
- No need to set up NAT rule
Under normal circumstances, the firewall in transparent mode is deployed between the router and the switch of the protected network, or it is installed between the Internet and a company's router. The internal network uses its old router to access the Internet, and the firewall only provides security control features.
This section introduces a configuration example of a firewall deployed between a router and a switch. In this example,the administrator uses eth0/0 to manage firewall. The firewall's eth0/1 is connected to router (which is connecting to the Internet) and eth0/2 is connected to a switch (which is connecting to internal network).
- In the administrator's Ethernet properties, set the IPv4 protocol as below.
- Connect an RJ-45 Ethernet cable from the computer to the eth0/0 of the device.
- In the browser's address bar, type "http://192.168.1.1" and press Enter.
- In the login interface, type the default username and password: hillstone/hillstone.
- Click Login, and the device's system will initiate.
- Create a policy to allow visiting the Internet.
- Create a policy to allow the Internet to visit a private network.
- The two policies above ensure communication between a private network and the Internet. If you want to set up more details, e.g. to limit P2P download, you can add more policies and overlap the new policies with the old ones. The match sequence of policies is determined by their position in the policy list, not their ID numbers.
If you want any PC in the private network to visit and configure the firewall, you can configure a VSwitch interface as a management interface.
- Select Network > Interface.
- Double click vswtichif1.
- Click OK.
- With any PC in the private network, enter the IP address of vswitchif1, and you will visit the firewall web user interface.