Accept, or Drop Ethernet Frames with Specific Protocols

By default, Security Gateway in the Bridge mode allows Ethernet frames that carry protocols other than IPv4 (0x0800), IPv6 (0x86DD), or ARP (0x0806) protocols.

You can configure a Security Group in the Bridge Mode to either accept, or drop Ethernet frames that carry specific protocols.

When Access Mode VLAN (VLAN translation) is configured, BPDU frames can arrive with the wrong VLAN number to the switch ports through the Bridge interface. This mismatch can cause the switch ports to enter blocking mode.

In Active/Standby Bridge Mode only, you can disable BPDU forwarding to avoid such blocking mode:

Step	Instructions
1	Connect to the command line on the applicable Security Group.
2	Log in to the Expert mode.
3	Back up the current /etc/rc.d/init.d/network file: cp -v /etc/rc.d/init.d/network{,_BKP}
4	Edit the current /etc/rc.d/init.d/network file: vi /etc/rc.d/init.d/network
5	After the line: ./etc/init.d/functions Add this line: /sbin/sysctl -w net.bridge.bpdu_forwarding=0
6	Save the changes in the file and exit the editor.
7	Reboot the Security Group: reboot -b all
8	Connect to the command line on the applicable Security Group.
9	Log in to the Expert mode.
10	Make sure the new configuration is loaded: sysctl net.bridge.bpdu_forwarding The expected output: net.bridge.bpdu_forwarding = 0