Configuring the intranet interface to work in Layer 2 mode on the firewall


Proceed as follows to switch a Layer 3 interface to a Layer 2 interface:
[USG] interface GigabitEthernet 0/0/1
[USG-GigabitEthernet0/0/1] portswitch //Configure the interface to work in Layer 2 mode.
To switch Layer 3 Ethernet interfaces to Layer 2 mode in batches, run the portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view.
By default, a Layer 2 Ethernet interface belongs to VLAN 1 and works as an access port.
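The batch syntax above accepts between 1 and 10 number-or-range groups per command (`&<1-10>`). The following Python helper is an added example, not Huawei code: it collapses a port list into `to` ranges and splits the result into as many commands as needed. The function names and sample port numbers are constructed, and it assumes a range may only span ports that share the same slot/card prefix.

```python
# Added example: build "portswitch batch" command lines from a list of ports.
import re
from itertools import groupby

MAX_GROUPS = 10  # "&<1-10>": the number/range group may repeat 1 to 10 times


def _parse(port):
    """Split 'slot/card/port' into (prefix, port number), e.g. ('0/0/', 1)."""
    m = re.fullmatch(r"((?:\d+/)*)(\d+)", port)
    if not m:
        raise ValueError(f"bad interface number: {port!r}")
    return m.group(1), int(m.group(2))


def compress(ports):
    """Collapse consecutive ports on the same prefix into 'a to b' groups."""
    parsed = sorted({_parse(p) for p in ports})  # de-duplicate, then order
    groups = []
    # Within one prefix, consecutive numbers share the same (number - index).
    def run_key(t):
        return (t[1][0], t[1][1] - t[0])
    for _, run in groupby(enumerate(parsed), key=run_key):
        items = [item for _, item in run]
        (prefix, first), (_, last) = items[0], items[-1]
        if first == last:
            groups.append(f"{prefix}{first}")
        else:
            groups.append(f"{prefix}{first} to {prefix}{last}")
    return groups


def portswitch_batch(if_type, ports):
    """Return one command per chunk of at most MAX_GROUPS groups."""
    groups = compress(ports)
    return [
        f"portswitch batch {if_type} " + " ".join(groups[i:i + MAX_GROUPS])
        for i in range(0, len(groups), MAX_GROUPS)
    ]


if __name__ == "__main__":
    # Constructed sample input: intranet-facing ports to move to Layer 2.
    sample = ["0/0/1", "0/0/2", "0/0/3", "0/0/5", "0/1/0", "0/1/1"]
    for line in portswitch_batch("GigabitEthernet", sample):
        print(line)
```

Every port emitted by the helper lands in VLAN 1 as an access port by default, so review the VLAN assignment of each one after the switch.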

Other related questions:
Firewall working mode of an AR router
To improve the networking flexibility of the firewall, the working mode is defined per interface rather than for the entire router. The working mode of interfaces is defined as routing mode. If the router is located between an internal network and an external network, the interfaces connecting to the internal network and to the external network are configured with IP addresses on different network segments, and the original topology must be re-planned. Example: PC (internal network: trust) - AR (with embedded firewall) - (external network: untrust) PC. Two security zones are planned: a trust zone and an untrust zone. The trust zone interface connects to the internal network, and the untrust zone interface connects to the external network. Note that the trust zone and untrust zone interfaces are on two different subnets. When packets are forwarded between Layer 3 zone interfaces, the router looks up the routing table based on the packets' IP addresses. Unlike other routers, the AR router processes the IP packets further: it queries the session table or the ACL to determine whether to permit the packets. In addition, the firewall performs other attack defense checks.

Whether isolation can be implemented when the firewall works in Layer 2 mode
Isolation can be implemented only when the firewall works in Layer 3 mode but not in Layer 2 mode.

Configuring the firewall to use Layer 2 interfaces as heartbeat interfaces
To use a Layer 2 interface as the heartbeat interface, add it to a VLAN, create the VLANIF interface, and configure an IP address for the VLANIF interface. Then use the VLANIF interface as the heartbeat interface and set the remote parameter to specify the heartbeat interface IP address of the peer device.

Whether the firewall supports Layer 2 and Layer 3 hybrid mode
Does the firewall support Layer 2 and Layer 3 hybrid mode? You can run the portswitch command to switch an interface to Layer 2 mode, which is the transparent mode. For the other Layer 3 interfaces, still configure IP addresses and use the routing mode. This implements Layer 2 and Layer 3 hybrid mode.

Whether USG2000&5000 series virtual firewalls support transparent mode
The virtual firewall supports transparent mode. You can bind virtual firewalls in transparent mode to VLANs one by one to isolate addresses on the same network segment.
