Solved Does the firewall usually use bridged or routed mode?

Hello everyone,

In the case of multiple redundant firewalls, where the internal network uses only public IPs and does not use NAT, is the firewall usually used in bridged or routed mode?

If routed mode is used in this case, does it mean that multiple public IP address segments need to be applied?
What is the usual practice?

Thanks.
 
You want to avoid bridging on a firewall as much as possible. The reason is purely that a software firewall on a machine that hasn't been optimized for the purpose makes a pretty badly performing switch.

Use routed mode and if you think you need bridging still look for other ways around the problem.
 
Thank you. I have learned the difference between bridged and routed modes.

If NAT is not used in routed mode and all are public IPs, does it mean that at least two sets of IPs that are not on the same network are required?
 
Your ISP will provide you with the WAN IP address, usually out of a very small transit network; even a /30 with only two usable addresses works. Then on your "LAN" network you will use your routed subnet that uses public IP addresses, and those addresses are completely distinct from the WAN IP addresses.

Routing is impossible if both participating networks use the same addressing scheme, so yes two sets of IPs are needed.
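
The addressing plan described in the answer above can be sanity-checked before it goes onto a firewall. This is an added example, not part of any post in the thread; the function names are hypothetical and every address is a constructed value from the RFC 5737 documentation ranges.

```python
import ipaddress


def is_usable(addr, net):
    """True if addr is an assignable IPv4 host address inside net."""
    if addr not in net:
        return False
    if net.prefixlen >= 31:  # /31 and /32 have no network/broadcast to exclude
        return True
    return addr not in (net.network_address, net.broadcast_address)


def check_routed_plan(transit, fw_wan, isp_gw, routed, fw_lan):
    """Return a list of problems with a no-NAT, routed-mode addressing plan."""
    transit_net = ipaddress.ip_network(transit)
    routed_net = ipaddress.ip_network(routed)
    wan, gw, lan = (ipaddress.ip_address(a) for a in (fw_wan, isp_gw, fw_lan))
    problems = []
    # WAN and LAN must be distinct networks or there is nothing to route between.
    if transit_net.overlaps(routed_net):
        problems.append(f"{transit_net} overlaps {routed_net}")
    # Both ends of the transit link need their own usable address in it.
    for name, addr in (("firewall WAN", wan), ("ISP gateway", gw)):
        if not is_usable(addr, transit_net):
            problems.append(f"{name} {addr} is not usable in {transit_net}")
    if wan == gw:
        problems.append("firewall WAN and ISP gateway share one address")
    # The firewall's inside interface is the default gateway of the public LAN.
    if not is_usable(lan, routed_net):
        problems.append(f"firewall LAN {lan} is not usable in {routed_net}")
    return problems


def upstream_route(routed, fw_wan):
    """The static route the ISP side needs so the routed subnet is reachable."""
    return f"{ipaddress.ip_network(routed)} via {ipaddress.ip_address(fw_wan)}"


if __name__ == "__main__":
    # Constructed plan: /30 transit on the WAN, separate public /24 behind it.
    plan = ("192.0.2.0/30", "192.0.2.2", "192.0.2.1",
            "198.51.100.0/24", "198.51.100.1")
    print(check_routed_plan(*plan) or "plan is consistent")
    print(upstream_route(plan[3], plan[1]))
```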
 