Unsupported Features for Bridge Groups in Routed Mode
The following table lists the features are not supported in bridge groups in routed mode.
|
Feature |
Description |
|---|---|
|
EtherChannel member interfaces |
Only physical interfaces, redundant interfaces, and subinterfaces are supported as bridge group member interfaces. Management interfaces are also not supported. |
|
Clustering |
Bridge groups are not supported in clustering. |
|
Dynamic DNS |
— |
|
DHCP relay |
The routed firewall can act as a DHCPv4 server, but it does not support DHCP relay on BVIs or bridge group member interfaces. |
|
Dynamic routing protocols |
You can, however, add static routes for BVIs. You can also allow dynamic routing protocols through the threat defense device using an access rule. Non-bridge group interfaces support dynamic routing. |
|
Multicast IP routing |
You can allow multicast traffic through the threat defense device by allowing it in an access rule. Non-bridge group interfaces support multicast routing. |
|
QoS |
Non-bridge group interfaces support QoS. |
|
VPN termination for through traffic |
You cannot terminate a VPN connection on the BVI. Non-bridge group interfaces support VPN. Bridge group member interfaces support site-to-site VPN tunnels for management connections only. It does not terminate VPN connections for traffic through the threat defense device. You can pass VPN traffic through the bridge group using an access rule, but it does not terminate non-management connections. |