4.6. Transparent Mode
4.6.1. Overview of Transparent Mode
Deploying D-Link Firewalls operating in Transparent Mode into an existing network topology can
significantly strengthen security. It is simple to do and doesn't require reconfiguration of existing
nodes. Once deployed, NetDefendOS can then allow or deny access to different types of services
(for example HTTP) and in specified directions. As long as users of the network are accessing
permitted services through the D-Link Firewall they are not aware of its presence. Transparent
Mode is enabled by specifying a Switch Route instead of a standard Route.
A typical example of Transparent Mode's ability to improve security is in a corporate environment
where there might be a need to protect different departments from one another. The finance
department might require access to only a restricted set of services (HTTP for example) on the sales
department's servers whilst the sales department might require access to a similarly restricted set of
applications on the finance department's network. By deploying a single D-Link Firewall between
the two departments' networks, transparent but controlled access can be achieved using the
Transparent Mode feature.
Another example might be an organisation allowing traffic between the external Internet and a range
of public IP addresses on an internal network. Transparent Mode can control what kind of service is
permitted to these IP addresses and in what direction. For instance, the only service permitted in
such a situation may be HTTP access out to the Internet.
4.6.2. Comparison with Routing mode
The D-Link Firewall can operate in two modes: Routing Mode or Transparent Mode. In Routing
Mode, the D-Link Firewall performs all the functions of a Layer 3 router; if the firewall is placed
into a network for the first time, or if network topology changes, the routing configuration must
therefore be thoroughly checked to ensure that the routing table is consistent with the new layout.
Reconfiguration of IP settings may be required for pre-existing routers and protected servers. This
mode works well when complete control over routing is desired.
In Transparent Mode, where Switch Route is used instead of Route, the firewall acts in a way that
has similarities to a switch; it screens IP packets and forwards them transparently to the correct
interface without modifying any of the source or destination information on the IP or Ethernet
levels. Two benefits of Transparent Mode are:
• When a client moves from one interface to another without changing IP address, it can still
obtain the same services as before (for example HTTP, FTP) without routing reconfiguration.
• The same network address range can exist on several interfaces.
4.6.3. Transparent Mode Implementation
In transparent mode, NetDefendOS allows ARP transactions to pass through the D-Link Firewall,
and determines from this ARP traffic the relationship between IP addresses, physical addresses and
interfaces. NetDefendOS remembers this address information in order to relay IP packets to the
correct receiver. During the ARP transactions, neither of the endpoints will be aware of the
firewall's presence.
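The learning and relaying behaviour described above, as an added toy model (not NetDefendOS code): the firewall records the IP, MAC and arrival interface from ARP traffic it passes through, then relays IP packets to the interface where the destination was learned, applying a direction-aware allow list without rewriting any header. The interface names, addresses and the stateless (src, dst, port) allow list are constructed for the illustration; a real firewall would also track connection state so that replies to permitted sessions are accepted.

```python
from dataclasses import dataclass, field

@dataclass
class TransparentFirewall:
    """Toy model of a Switch Route: learn from ARP, relay by interface, never rewrite headers."""
    arp_table: dict = field(default_factory=dict)   # ip -> (mac, interface), learned from ARP
    allow: set = field(default_factory=set)          # (src_ip, dst_ip, dst_port) permitted

    def learn_arp(self, iface, sender_ip, sender_mac):
        # Both ARP requests and replies carry the sender's IP/MAC; the firewall
        # forwards them unchanged but notes which interface they arrived on.
        self.arp_table[sender_ip] = (sender_mac, iface)

    def forward(self, in_iface, src_ip, dst_ip, dst_port):
        """Return the egress interface for an IP packet, or None if it is dropped."""
        entry = self.arp_table.get(dst_ip)
        if entry is None:
            return None            # destination never seen in ARP: nothing to relay
        _, out_iface = entry
        if out_iface == in_iface:
            return None            # same segment; the firewall is not in the path
        if (src_ip, dst_ip, dst_port) not in self.allow:
            return None            # service not permitted in this direction
        return out_iface           # IP and Ethernet headers are relayed untouched

def demo():
    fw = TransparentFirewall()
    # Policy: the finance host may reach HTTP on the sales server, nothing else, no reverse
    fw.allow.add(("10.0.0.10", "10.0.0.20", 80))
    # Constructed ARP traffic: the same 10.0.0.0/24 range exists on both interfaces
    fw.learn_arp("finance", "10.0.0.10", "02:00:00:00:00:10")
    fw.learn_arp("sales", "10.0.0.20", "02:00:00:00:00:20")
    r = {
        "http_out": fw.forward("finance", "10.0.0.10", "10.0.0.20", 80),
        "ssh_out": fw.forward("finance", "10.0.0.10", "10.0.0.20", 22),
        "http_back": fw.forward("sales", "10.0.0.20", "10.0.0.10", 80),
    }
    # The finance host moves to a third interface keeping its IP; ARP relearns it
    fw.learn_arp("lab", "10.0.0.10", "02:00:00:00:00:10")
    r["after_move"] = fw.forward("lab", "10.0.0.10", "10.0.0.20", 80)
    return r

if __name__ == "__main__":
    print(demo())
```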
Note
D-Link Firewalls need not operate exclusively in Transparent Mode but can combine
Transparent Mode with Routing Mode to operate in a hybrid mode. That is to say, the
firewall can have both Switch Routes as well as standard routes defined. It is also
possible to create a hybrid case by applying address translation on otherwise
transparent traffic.
Chapter 4. Routing