Deployment Modes

For additional information, see the following topics:

“Deployment Modes” on page 131

“Network Port Configuration” on page 132

“Security Zone Configuration” on page 135

“IP Interfaces” on page 140

“IP Address Groups” on page 153

“DNS” on page 155

“Default Gateway” on page 156

“Routing” on page 157

“DHCP Server” on page 167

“Network Tools” on page 176

Deployment Modes

The deployment mode you select determines how to configure the IP interfaces and routing on the device. You have the following ways to implement security zones, depending on your current network deployment:

Transparent — In this mode, the device behaves like a layer 2 switch, except that you can still enforce security policy (firewall rules, web content filtering, IPS filtering, etc.) between security zones. All devices share the same IP address which means that you only have one IP interface for all security zones in the same transparent group. All security zones are in the same broadcast domain.

Figure 6–1: X Family Transparent Deployment Mode

Transparent DMZ - NAT/Routed LAN — In this mode, the network is divided into multiple IP subnets. Each security zone has a unique IP interface so that the devices within each zone have a unique IP address space. For example, hosts in the LAN zone use a private (RFC 1918) IP address range, while hosts in the WAN and DMZ zones use another IP address range. Private IP addresses originating in the LAN zone and going to the WAN zone are mapped to one or more public IP addresses using NAT. The internal and external IP interfaces are configured with private and public

X Family LSM User’s Guide V 2.5.1

131