Introduction

Transparent mode essentially turns a layer-3 firewall into a transparent, layer-2 bump in a wire. An architect may be reluctant to alter the routing by adding a hop and modifying the layer-3 topology of her environment because of functional requirements, or for convenience. To implement a layer-2 device, all she needs is to schedule an outage and move some cables, and the transparent firewall deployment is akin to dropping such a bridge or switch (a multiport bridge in its own right) into her infrastructure. No routes added up or downstream, no subnetting, and no cabling considerations. Perhaps most crucial to simplicity, nodes behind the transparent firewall won t require re-addressing either, as they remain on the same subnet as the hosts they re firewalled from.

SonicWALL s firewalls achieve this by disabling the default NAT behavior for any IP addresses in a transparent range. It s as simple as it sounds, and more explanation would make the description needlessly complex in Transparent mode, addresses off any transparent interface are passed through the firewall without translation to or from the WAN interface, as though they were bridged.

Interface Settings

Before we talk about Transparent mode, some clarification about interfaces is in order. There are two types of interfaces on a SonicWALL: a/the WAN interface(s) (up to a maximum of two physical ports), which is untrusted, and other. These subsequent interfaces are merely additional OPT or X[1 5], usually trusted interfaces, much like the LAN interface (an additional DMZ interface, for example), and the latter X...