Bridged Deployment

This deployment is similar to Transparent Deployment in that all outbound network traffic flows through the web appliance. Bridged Deployment, however, requires the optional bridge card included with some appliance models.

  • Inspects HTTP and HTTPS traffic.
  • Only the web appliance requires configuration.
  • If it fails, you must power down the web appliance, but network traffic will continue to flow.


This deployment uses the web appliance’s bridge card, with the Network Interface page’s Deployment mode set to Bridged. In this configuration, the Configuration port to which you connect your laptop or PC to run the setup wizard still appears along the bottom of the appliance, as illustrated in the diagram below (to the right of the middle on the back of the appliance ), but this is the only RJ45 port at that location.

There are two ports on the bridge card in the upper-right corner of the back of the appliance. Immediately to the left of these is a small group of six LEDs that indicate LAN connection status, as described in the "Appliance Hardware" page. Of the two RJ45 ports on this card, the one to the left is the WAN port, which you connect to your firewall for WAN or internet access ; the port to the right is the LAN port , which you connect to your LAN.

All outbound and inbound traffic passes through the web appliance, which filters all port 80 and 443 traffic, allowing only secure and permissable web content to be accessed by your users, while non-web network traffic is passed through.

If the web appliance shuts down, the bridge card will be shut down with the LAN circuit closed, meaning that all LAN traffic will pass through.

  • All outbound network traffic passes through the web appliance . Users’ URL requests are intercepted by the web appliance on their way to the firewall . All other traffic passes through.
  • The web appliance assesses all URL requests, blocks disallowed requests, checks if allowed URL requests are currently cached and passes uncached URL requests through the firewall and retrieves them from the internet .
  • The web appliance receives any new pages or files and caches them; it passes the pages or files of allowed requests back to the users .
  • The users receive only safe and allowed pages and files or a notification page.


  1. Connect the web appliance’s LAN port to your organization’s LAN.
  2. Connect the web appliance’s WAN port to your organization’s firewall.
  3. In the web appliance’s administrative web interface, on the Configuration > Network > Network Interface page, set the Deployment mode to Bridged, and click Configure to create a list of IP addresses or IP ranges for internal web servers that are exempted from handling by the web appliance.
    Note You are not required to configure users’ web browsers.