McAfee MSA-3400-SWGI Installation Guide - Page 13

Transparent bridge mode, What the device does, Configuration, Where to place the device



Transparent bridge mode

In transparent bridge mode, the communicating servers are unaware of the device — the device’s operation is transparent to the servers.

Figure 1: Transparent communication

In Figure 1: Transparent communication, the external mail server (A) sends email messages to the internal mail server (C). The external mail server is unaware that the email message is intercepted and scanned by the device (B).

The external mail server seems to communicate directly with the internal mail server — the path is shown as a dotted line. In reality, traffic might pass through several network devices and be intercepted and scanned by the device before reaching the internal mail server.

What the device does

In transparent bridge mode, the device connects to your network using the LAN1 and LAN2 ports. The device scans the traffic it receives, and acts as a bridge connecting two separate physical networks, but treats them as a single logical network.

Configuration

Transparent bridge mode requires less configuration than transparent router and explicit proxy modes. You do not need to reconfigure all your clients, default gateway, MX records, Firewall NAT or mail servers to send traffic to the device. Because the device is not a router in this mode, you do not need to update a routing table.

Where to place the device

For security reasons, you must use the device inside your organization, behind a firewall.

Figure 2: Single logical network

TIP: In transparent bridge mode, position the device between the firewall and your router, as shown in Figure 2: Single logical network.

In this mode, you physically connect two network segments to the device, and the device treats them as one logical network. Because the devices — firewall, device, and router — are on the same logical network, they must all have compatible IP addresses on the same subnet.
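
A pre-installation check of the same-subnet requirement above, as an added example that is not part of the McAfee guide. The function name, device labels and the 192.0.2.0/24 addresses are constructed for illustration; the check also flags duplicate addresses and network or broadcast addresses, which goes slightly beyond what the guide states.

```python
import ipaddress

def check_bridge_addressing(hosts):
    """Return a list of addressing problems for devices that share the single
    logical network formed by the bridge. `hosts` maps a label to an
    interface address in CIDR form; an empty list means no problem found."""
    problems, ifaces = [], {}
    for name, cidr in hosts.items():
        try:
            ifaces[name] = ipaddress.ip_interface(cidr)
        except ValueError as exc:
            problems.append(f"{name}: invalid address {cidr!r} ({exc})")
    if not ifaces:
        return problems

    # The first valid device defines the reference subnet (address and mask).
    ref_name, ref = next(iter(ifaces.items()))
    seen = {}
    for name, iface in ifaces.items():
        net = iface.network
        if net != ref.network:
            problems.append(f"{name}: {net} differs from {ref_name}'s {ref.network}")
        # Host addresses must not be the network or broadcast address
        # (skipped for point-to-point sized prefixes such as /31 and /32).
        if net.prefixlen < net.max_prefixlen - 1 and iface.ip in (
            net.network_address, net.broadcast_address
        ):
            problems.append(f"{name}: {iface.ip} is the network or broadcast address")
        if iface.ip in seen:
            problems.append(f"{name}: {iface.ip} duplicates {seen[iface.ip]}")
        else:
            seen[iface.ip] = name
    return problems

# Constructed sample plans (RFC 5737 documentation addresses).
GOOD_PLAN = {"firewall": "192.0.2.1/24", "appliance": "192.0.2.2/24",
             "router": "192.0.2.3/24"}
BAD_PLAN = {"firewall": "192.0.2.1/24",
            "appliance": "192.0.2.2/25",   # mask mismatch
            "router": "192.0.3.1/24"}      # different subnet

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_bridge_addressing(plan)
        print(label, "->", issues or "all devices on one subnet")
```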

Devices on one side of the bridge (such as a router) that communicate with devices on the other side of the bridge (such as a firewall) are unaware of the bridge. They are unaware that

Pre-installation: Considerations about Network Modes
McAfee Email and Web Security Appliance 5.5 Installation Guide, page 13