How to configure two or more ports to behave as a Layer 2 switch

Last modified on 13 Sep, 2024. Revision 13
On some situations it could be useful to have a couple of extra switch ports. It is possible to use transparent mode to configure some ports to act as a switch.
Up to date for
Core 14.00.16
Supported since
Core 12.00.01
Status OK
Author
Daniele Bottini

NOTE: HA does not support transparent mode

Here is a step by step guide or also you can follow the video tutorial at the following link:

Setting up a NGFW in Transparent Mode

1 Create an interface group

First we need to create an interface group containing the ports that will form the switch.
In this example we will use ports G5 and G6.
Network > Interfaces and VPN > Miscellaneous > Interface Groups

2 Define an IP, network and DHCP pool objects

In this example we will create the following objects that will be used on the switch, 

LANZone_ip  -   192.168.80.1
LANZone_net - 192.168.80.0/24
LANZone_pool - 192.168.80.101-192.168.80.150


Object > General > Address book

3 Define a DHCP server

Network > Network Services > DHCP Servers

Here we will create a DHCP server named DHCP_LANZone and will specify the IP pool object created earlier


4 Enable transparent mode on the involved interfaces

In our example we need to enable transparent mode on both interfaces G5, G6 and will specify the same IP and network objects created earlier on each interface.


5 Add a core route for the IP address and ProxyARP the Interface group

Since we will need that the firewall replies to the switch DHCP requests, we need first to create a core route and specify the LANZone IP address.

Then will need to add the Interface group as Proxy ARP

Network > Routing > Routing Tables> Main

6 Setup the necessary policies to allow traffic

Policies > Rules > Main IP rules



Related articles

Upgrading EasyAccess to PhenixID Authentication Services
16 Aug, 2024 changeme easyaccess phenixid pas



Tagscore