Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Transparent Bridge Settings

  1. Last updated
  2. Save as PDF

The Transparent Bridge settings are part of the settings for configuring the proxy functions of a Secure Web Gateway appliance in Transparent Bridge mode.

For information about this network mode and how to configure it, see About the Transparent Bridge Mode and Configure the Transparent Bridge Mode.
 

Transparent Bridge

Settings for configuring the Transparent Bridge mode.

Option Definition
Port redirects

Provides a list for entering the ports that requests for web access sent by users of your network are redirected to.
Director priority

Sets the priority (ranging from 0 to 99) that an appliance takes in directing the data packets that are sent in a request by a client.

The highest value prevails. 0 means an appliance is what is known as a scanning node, which never directs data packets, but only scans them.

You can only use this option to configure a node as a scanning node (priority = 0) or a director node (priority > 0). Differences in node priorities > 0 are not evaluated.

After configuring node priorities greater than 0 for multiple appliances in Transparent Bridge mode, you need to watch their behavior to find out which has actually become the director node that directs data packets.
Management IP

Specifies the source IP address of an appliance that directs data packets when sending heartbeat messages to other appliances.
IP spoofing (HTTP, HTTPS)

When selected, the appliance keeps the client IP address that is sent with a request as the source address and uses it in communication with the requested web server under various protocols.

The appliance does not verify whether this address matches the host name of the request.
IP spoofing (FTP)

When selected, the appliance communicates with a file server under the FTP protocol in the same way as under the HTTP or HTTPS protocol to perform IP spoofing

For active FTP, this option must be enabled.

Port Redirects – List Entry

The following table describes an entry in the list of port redirects.

Option Definition
Protocol name

Specifies the name of the protocol used for sending and receiving requests.
Original destination ports

Specifies the ports that redirected requests must originally be sent to if they are to be redirected.
Destination proxy port

Specifies the port that requests are redirected to.
Source IP based exceptions

Excludes requests that have been received from clients with the specified IP addresses from redirecting.

  • For each IP address, a net mask must also be specified.
  • When a request is excluded from redirecting, it is not processed by any of the filtering rules that are implemented.
  • You can configure redirection exceptions in this way to let requests received from trusted sources skip further processing on Web Gateway or for troubleshooting connection problems.
Destination IP based exceptions

Excludes requests that are sent to a destination with the specified IP address from redirecting.

  • For each IP address, a net mask must also be specified.
  • When a request is excluded from redirecting, it is not processed by any of the filtering rules that are implemented.
  • You can configure redirection exceptions in this way to let requests sent to trusted destinations skip further processing

Optional 802.1Q VLANs

Lists the IDs of the network interfaces for VLAN traffic that are configured.
Comment

Provides a plain-text comment on a port redirect.

 

 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.