You can create up to 4094 L2 bridges on a Kaspersky NGFW device. An L2 bridge can be empty (without interfaces), or it can include from 2 to 4094 interfaces. One L2 bridge can include only interfaces with the same L3 MTU, and each interface can be included in only one L2 bridge. The maximum allowed L3 MTU is 9000 bytes.
Modifying the settings of an existing L2 bridge may clear the MAC address table.
You can add the following interfaces to an L2 bridge:
In this case, only subinterfaces can be part of the bridge. You cannot add interfaces of other types. In this case, the VLAN tag of this subinterface is removed from received packets.
You can create a L2 bridge in a network template or on a Kaspersky NGFW device: An L2 bridge created in a network template is automatically created on all devices that use this template.
To create an L2 bridge:
The table of network interfaces is displayed.
This opens the interface creation window with the General tab selected.
The identifier must be an integer from 1 to 4094.
If you select this option, you need to specify the IP addresses of the network interface with a mask in the IPv4 addresses section in the lower part of the page. Click Add to add more than one IP address. You can add up to 20 IP addresses.
If necessary, you can also delete an added IP address by selecting its row and clicking the Delete button.
To get the DNS server address from a DHCP server, set the corresponding toggle switch to Yes.
If you select this option, in the DNS servers section in the lower part of the page, you can specify IP addresses with masks of the DNS servers that you want to use. You can add up to 8 DNS servers.
If the IP address of the default static route is obtained from the DHCP server, you can view it in the static routing RIB table on the command line.
You can change the protocol only for interfaces included in the L3 security zone. For interfaces included in the L2 security zone, the None value is selected.
You can add physical interfaces, aggregated interfaces, and subinterfaces.
The created interface appears in the list of interfaces.