Article Applies To:
Gen5: NSA E8510, E8500, E7500, NSA E6500, NSA E5500,
NSA 5000, NSA 4500, NSA 3500, NSA 2400, NSA 2400MX, NSA 220, NSA 220W
NSA 240, NSA 250M, NSA250MW
Gen5 TZ series: TZ 100, TZ 100W, TZ 105, TZ 105W TZ 200, TZ 200W, TZ 205, TZ 205W TZ 210, TZ 210W,TZ 215, TZ 215W.
Gen4 PRO series: PRO 5060, PRO 4100, PRO 4060,PRO 3060, PRO 2040, PRO 1260
Gen4 TZ series: TZ 190, TZ 190 W, TZ 180, TZ 180 W, TZ 170, TZ 170 W, TZ 170 SP, TZ 170 SP Wireless.
Firmware/Software Version: All SonicOS Enhanced versions.
Services: DMZ / OPT configuration
Transparent mode simulates the bridging of WAN-side IP
addresses/subnets onto internal interfaces, such as the LAN or DMZ
interface, by means of controlling the ARP and routing behavior for the
affected addresses. Transparent Mode allocations are extremely flexible,
allowing for multiple internal interfaces in different zones to
simultaneously operate in Transparent Mode, as long as the address
assignments remain unique and non-overlapping. Transparent mode can be
useful in environments where it is not possible to change existing
internal IP addressing, or where it is necessary to deploy a SonicWALL
in a non-interruptive, in-line fashion.
Transparent Mode works on a SonicWALL by defining a
“Transparent Range” address object associated with the WAN subnet. The
“Transparent Range” defines which external (WAN side) IP addresses the
SonicWALL will consider to be attached to an internal interface. The
Transparent Range object can be a Host, Range, or group of Host or Range
Address Objects. Addresses within the Transparent Range will not be
NAT’d on egress from the WAN interface, instead, they will retain their
original source IP addresses.
Configuring Interfaces in Transparent Mode
Transparent Mode enables the SonicWALL security
appliance to bridge the WAN subnet onto an internal interface. To
configure an interface for transparent mode, complete the following
Step 1 Click on the
Configure icon in the
Configure column for
Unassigned Interface you want to configure. The
Edit Interface window is displayed.
Step 2 Select an interface.
•If you select a configurable interface, select
•If you want to create a new zone for the configurable interface, select
Create a new zone. The
Add Zone window is displayed.
Step 3 Select
Transparent Mode from the
IP Assignment menu.
Step 4 From the
Transparent Range menu,
select an address object that contains the range of IP addresses you
want to have access through this interface. The address range must be
within the WAN zone and must not include the WAN interface IP address.
If you do not have an address object configured that meets your needs:
a. In the
Rangemenu, select Create New Address Object.
b. In the
Add Address Object window, enter a name for the address range.
Zone Assignment, select
Host if you want only one network device to connect to this interface.
Range to specify a range of IP addresses by entering beginning and ending value of the range.
Network to specify a subnet by entering the beginning
value and the subnet mask. The subnet must be within the WAN address
range and cannot include the WAN interface IP address.
c. Enter the IP
address of the host, the beginning and ending address of the range, or
the IP address and subnet mask of the network.
OK to create the address object and return to the
Edit Interface window.
Step 5 Enter any optional comment text in the
Comment field. This text is displayed in the
Comment column of the
Step 6 If you want
to enable remote management of the SonicWALL security appliance from
this interface, select the supported management protocol(s):
SSH. To allow access to the WAN interface for management from another zone on the same appliance, access rules must be created.
Step 7 If you want
to allow selected users with limited management rights to log directly
into the security appliance through this interface, select
Step 8 Click
Note: The administrator password is required to regenerate encryption keys after changing the SonicWALL security appliance’s address.
Configuring Advanced Settings for the Interface
If you need to force an Ethernet speed, duplex and/or MAC address, click the
Advanced tab. The
Ethernet Settings section allows you to manage the Ethernet settings of links connected to the SonicWALL.
Auto Negotiate is selected by default as the
Link Speed because
the Ethernet links automatically negotiate the speed and duplex mode of
the Ethernet connection. If you want to specify the forced Ethernet
speed and duplex, select one of the following options from the
Link Speed menu:
•1000 Mbps - Full Duplex ()
•100 Mbps - Full Duplex
•100 Mbps - Half Duplex
•10 Mbps - Full Duplex
•10 Mbps - Half Duplex
You can choose to override the
Default MAC Address for the Interface by selecting
Override Default MAC Address and entering the MAC address in the field. Check
Enable Multicast Support to allow multicast reception on this interface.
you select a specific Ethernet speed and duplex, you must force the
connection speed and duplex from the Ethernet card to the SonicWALL
security appliance as well.
Configuring the hosts connected to the Transparent interface:
The hosts connected to the X2 interface should be configured with the IP addresses within the
Transparent Range. The
default gateway could either be the upstream ISP router address or the
SonicWALL WAN interface IP. Once the hosts are configured appropriately
they will be able to go online with the IP address assigned to them
without being NAT'ed. Conversely, the hosts can be reached from the WAN
side of the SonicWALL with the IP address assigned to them provided a
WAN > DMZ Allow rule exists.