D-Link DFL-2500 User Guide - Page 301
Transparent Mode Implementation in D-Link Firewalls
Chapter 27. Transparent Mode

• Enhanced security - the firewall should be capable of screening inbound and outbound traffic according to the defined security rules.

D-Link firewalls can work in two modes: Routing Mode and Transparent Mode.

In normal Routing Mode, the firewall acts as a Layer 3 router. If the firewall is placed into a network for the first time, or if there is any topological change within the nodes, the routing configuration must be thoroughly examined to ensure that the routing table of the firewall system is consistent with the current network layout. Reconfiguration of IP settings is also required for preexisting routers and protected servers. This mode works well when we want complete control over routing and want to know the specific location of important devices, in order to have the highest possible security. For instance, we expect that a server located in a protected area only receives necessary traffic.

In Transparent Mode, by contrast, the firewall acts more like a switch. It screens IP packets traversing the firewall and forwards them transparently on the right interface without modifying any of the source or destination information. All transparent interfaces are considered to be in the same network, so if one client moves to another interface it can still obtain the same services as before without routing reconfiguration.

In transparent mode, the firewall allows ARP transactions to pass through it, and learns from ARP traffic the relation between the IP address and the physical address of the source and destination. There are mechanisms that help the firewall remember the address information, in order to relay IP packets to the desired receiver. During the transaction, none of the endpoints will be aware of the firewall working in between.
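The ARP learning described above can be modelled in a few lines. This is an added example, not D-Link firmware code or anything from the guide: the class, the function names, the interface names `if1`/`if2` and the sample frames are all assumptions, and the real firewall's table mechanisms are not documented on this page.

```python
import struct

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # Ethernet + IPv4 only
        return None
    sha, spa = frame[22:28], frame[28:32]
    if spa == bytes(4):                                  # ARP probe: nothing to learn
        return None
    return sha.hex(":"), ".".join(map(str, spa))

class TransparentGroup:
    """Learned IP -> (MAC, interface) table for one group of transparent interfaces."""
    def __init__(self, interfaces):
        self.interfaces = set(interfaces)
        self.table = {}

    def learn(self, ingress: str, frame: bytes):
        """Learn the sender binding; return 'new', 'same', 'moved' or 'mac-changed'."""
        parsed = parse_arp(frame)
        if ingress not in self.interfaces or parsed is None:
            return None                                  # not in the group, or not ARP
        mac, ip = parsed
        old = self.table.get(ip)
        self.table[ip] = (mac, ingress)                  # model choice: newest binding wins
        if old is None:
            return "new"
        if old[0] != mac:
            return "mac-changed"                         # same IP, different hardware address
        return "same" if old[1] == ingress else "moved"  # client re-plugged on another port

    def egress_for(self, dst_ip: str):
        """Interface on which to relay a packet for dst_ip, or None if unknown."""
        entry = self.table.get(dst_ip)
        return entry[1] if entry else None

def sample_arp(mac: str, ip: str, op: int = 1) -> bytes:
    """Constructed sample frame: broadcast ARP carrying the given sender MAC and IP."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(octet) for octet in ip.split("."))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return b"\xff" * 6 + sha + b"\x08\x06" + header + sha + spa + bytes(10)

if __name__ == "__main__":
    group = TransparentGroup(["if1", "if2"])             # hypothetical interface names
    print(group.learn("if1", sample_arp("02:00:00:00:00:0a", "192.0.2.10")))
    print(group.learn("if2", sample_arp("02:00:00:00:00:0a", "192.0.2.10")))
    print(group.egress_for("192.0.2.10"))
```

The `moved` result corresponds to the client relocation the guide describes; `mac-changed` marks an IP address that is suddenly claimed by a different physical address, which an operator would normally want logged.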
27.2 Transparent Mode Implementation in D-Link Firewalls

As explained above, a D-Link firewall allows ARP transactions when it is set to transparent mode, and in that sense it works almost as a Layer 2 switch in the network. The firewall uses the ARP traffic as one source of information when building its switch route table. To start using transparent mode, the following setup needs to be done in the firewall:

• Group the interfaces - specify a group of interfaces that are going to use transparent mode.

D-Link Firewalls User's Guide