Managing the Processing Interfaces

Navigate to Network > Manage Processing Interfaces to manage the processing interfaces. You can freely assign VLAN ranges to individual interfaces and group them in bridges as required.

By default, all interfaces of Threat Defender belong to a single bridge. This default configuration provides a working fallback you can activate, if required.

When setting up your own configuration, keep in mind that Threat Defender does not manipulate any packets. Also, packets cannot be transmitted from the same interface they were received on.

Depending on the number of assigned interfaces, there are the following bridge configurations:

  • 1 interface: The bridge is in SPAN mode, i.e. the received packets cannot be transmitted. This configuration can be used for an interface that is connected to a switch via mirror port. It serves analysis purposes, there is no traffic interception, and VLAN tags remain untouched.

  • 2 interfaces: The bridge is in VirtualWire mode, i.e. packets received on one interface are transmitted on the other. VLAN tags remain untouched, but traffic can now be intercepted and the policy can be enforced.

  • 3 or more interfaces: The bridge is in simple switch mode. This means Threat Defender forwards traffic to the target ports as required and acts like an unmanaged switch (VLAN tags still remain untouched).

The following chapters contain example configurations using VLAN tagging: