Overview
The ZoneAlarm router allows you to connect the LAN and the WLAN network segments at the data-link layer, by configuring a bridge between them. A bridge allows you to choose whether to enable the firewall between the LAN and WLAN:
- If you enable the firewall, the WLAN and LAN will be assigned separate, isolated IP networks, and the gateway will operate as a regular firewall between the LAN and WLAN, inspecting traffic and dropping or blocking unauthorized or unsafe traffic according to the defined firewall policy.
- If you disable the firewall between the LAN and WLAN, they will appear as a single unified network; that is, the two network segments will share the same IP address range, and traffic will flow freely between them. Only traffic from the LAN and WLAN to the Internet will be inspected by the firewall.
The ZoneAlarm router allows you to configure anti-spoofing for the bridged network segments. When anti-spoofing is configured for a segment, only traffic from source IP addresses within a specific IP address range is accepted from that network segment. For example, if you configure anti-spoofing for the LAN network segment, the following happens:
- If a host with an IP address outside of the allowed IP address range tries to connect from the LAN network segment, the connection will be blocked and logged as "Spoofed IP".
- If a host with an IP address within the bridge IP address range tries to connect from a network segment other than the LAN segment, the connection will be blocked and logged as "Spoofed IP".
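
The two anti-spoofing rules above, modelled as an added Python example (not ZoneAlarm code). The segment names, the 192.168.10.0/25 LAN range and the sample connections are constructed assumptions for illustration.

```python
import ipaddress

# Constructed anti-spoofing table: segment name -> allowed source range.
# Segments without an entry (here WLAN) have no anti-spoofing configured.
ANTI_SPOOF = {"LAN": ipaddress.ip_network("192.168.10.0/25")}


def check_source(ingress_segment, src_ip, table=ANTI_SPOOF):
    """Return (verdict, log_reason) for a connection entering the bridge."""
    src = ipaddress.ip_address(src_ip)
    for segment, allowed in table.items():
        inside = src in allowed
        if segment == ingress_segment and not inside:
            # Rule 1: source outside the range allowed for its own segment.
            return ("block", "Spoofed IP")
        if segment != ingress_segment and inside:
            # Rule 2: source uses an address reserved for another segment.
            return ("block", "Spoofed IP")
    # Passed anti-spoofing; firewall policy (not modelled here) applies next.
    return ("pass", None)


def evaluate(connections, table=ANTI_SPOOF):
    """Apply check_source to (segment, src_ip) pairs and collect results."""
    return [(seg, ip) + check_source(seg, ip, table) for seg, ip in connections]


# Constructed sample connections: (ingress segment, source IP).
SAMPLE = [
    ("LAN", "192.168.10.20"),    # in range, on the right segment
    ("LAN", "192.168.10.200"),   # outside the LAN range
    ("WLAN", "192.168.10.20"),   # LAN address seen on the WLAN
    ("WLAN", "192.168.10.200"),  # WLAN has no range of its own configured
]

if __name__ == "__main__":
    for seg, ip, verdict, reason in evaluate(SAMPLE):
        print(f"{seg:4} {ip:15} {verdict:5} {reason or ''}")
```

Note that the second rule protects the LAN range even on segments that have no anti-spoofing range of their own.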