  1. #1
    Untanglit
    Join Date
    Feb 2019
    Posts
    24

    Using NG Firewall in bridge mode

    I have been looking at the Amplifi Alien Wifi 6 router, which has some limited protective functions. Unfortunately, they do not offer a similar access point. My question is the functionality of NG when in bridge mode. Will it still be able to use the applications for protection, VPN, etc.? I know this may be basic, but I am new to firewalls. I know a typical gateway like Xfinity's would just pass stuff through in bridge mode. So if that is all NG would do, should I consider removing it?

    Thanks so much for any advice.

  2. #2
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605

    We are going to need to define some terms.
    There can be an over-broad use of the term 'router' in the consumer market.

    For example, along with any of the individual applications you care to run, NGFW is each of:
    • Router
    • NAT router
    • Firewall
    • DNS server
    • DHCP server

    where so-called consumer 'routers' typically do all of the above bullet items, plus
    • modem
    • Wi-Fi access Point

    Putting a modem into bridge mode is completely different than NGFW being used as 'bridged'. NGFW functions as a bridge router, when you configure the interfaces that way. There really isn't any different mode; it doesn't disable any features (except NAT).

    If you are putting in 'Amplifi Alien Wifi 6 router' first in-line, then you will be complicating things, AND NGFW can't protect its Wi-Fi AP.

    I would use a pairing of NGFW and a Ubiquiti UniFi AP.

    Think fine wine, but less expensive.
    Last edited by Jim.Alles; 09-26-2020 at 01:39 PM. Reason: speeling

  3. #3
    Untanglit
    Join Date
    Feb 2019
    Posts
    24

    You answered my question. I would put the devices in this order: Xfinity cable modem, then connect modem to ext WAN on NGFW in bridge mode, then the Alien Wifi 6 Router.

    The Alien Router acts as Wifi Access point, NAT router with DHCP and DNS pointer. So the Alien would be last in line.

    Coax to modem-ethernet to external wan port on NGFW (do I need to change it to internal in bridge mode?)-Amplifi Alien Router.

    I just wanted to make sure NGFW performed all other functions except for routing, NAT, DHCP. Those are handled by the new router.

    Is my understanding correct as far as this configuration?

  4. #4
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605

    Quote: Originally Posted by JamesA
    You answered my question. I would put the devices in this order: Xfinity cable modem, then connect modem to ext WAN on NGFW in bridge mode, then the Alien Wifi 6 Router.
    I would put the modem into bridge mode. Then use NGFW as the edge router. It is really necessary to do NAT at that point, to protect from the Internet.

    The Alien Router acts as Wifi Access point, NAT router with DHCP and DNS pointer.
    You lose reporting granularity that way. Everything will appear to originate from the Alien's IP address, from the perspective of NGFW. Also, you won't see the other host names.

    do I need to change it to internal in bridge mode?
    No, there will always be an External - WAN facing interface. Again, there is no bridge mode, per se. It isn't helpful to think of it that way in this case.
    Last edited by Jim.Alles; 09-26-2020 at 05:02 PM.

  5. #5
    Untanglit
    Join Date
    Feb 2019
    Posts
    24

    Thank you. I understand now. After your explanation I think it may be better to set the Alien router to bridge, using it as just an access point, and connect that to the third port on my NGFW. That way NGFW will be able to differentiate between traffic coming from wireless devices and hardwired devices on the internal network while managing all traffic going inbound and outbound.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,400

    The other problem of placing Untangle beyond the NAT barrier is management. You need an Internet routable IP address for both the Untangle AND the Alien router.

    How many IPs does your ISP give you to use again?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605

    Quote: Originally Posted by JamesA
    Thank you. I understand now. After your explanation I think it may be better to set the Alien router to bridge, using it as just an access point, and connect that to the third port on my NGFW. That way NGFW will be able to differentiate between traffic coming from wireless devices and hardwired devices on the internal network while managing all traffic going inbound and outbound.
    Although you have the right concept here, you may have to do some work-arounds. Alien probably doesn't know how to bridge. You will need to turn off (disable) DNS & DHCP. Then don't use the WAN port on the Alien. Plug the NGFW #3 into one of the LAN ports. That should be switched (bridged) to the radios.

    Can Alien do VLANs?
