I have two sets of ESXi hosts, one set for management and one for tenants. Each ESXi host has 8 NICs and four vSwitches. All vSwitches are trunked via aggregated interfaces to a pair of EX in VC mode.
I only have one ISP connection with a network allocation (/28) which is bridged (the ISP provides the gateway that we use).
The EX uplink to the Sonic is ge-0/0/20, a trunked port for 5 VLANs (10, 20, 30, 60, and the ‘default/untagged’ VLAN). The rest of the VLANs are internal traffic, unrouted, no gateway.
I need to have a direct internet connection on VLAN 60 (not NAT). I have set up an RVI on the switch, vlan.60, as per http://kb.juniper.net/InfoCenter/index?page=content&id=KB11000&actp=RSS
The Sonicwall supports “L2 Bridge Mode” so I can bridge my ISP connection (now connected @ X1 port) to the X0 port. They say on their KB that this way, you can effectively span your WAN subnet and insert the Sonicwall “transparently”: http://www.firewalls.com/blog/transparent_mode_or_bridge_mode/
If I bridge X0 to X1, I will only have a public interface for the SonicWall; I won't be able to use its current LAN IP 10.0.14.254.
Can I then assign my entire WAN subnet on my l3-interface of vlan.60? And do I need to set the native-vlan-id of my ge-0/0/20 uplink to VLAN 60?
The SonicWall is connected to EX ge-0/0/20 (gigabit port) through X0 and to the me0.0 ('vme') port through X3.
Topology diagram: http://i.stack.imgur.com/Ijzw2.png
As I understand it, the bridge mode will turn the SonicWall into an L2 bridge. They use confusing terminology on their homepage, but that is how I understand it. If so, you can imagine it as being just a wire between your EX and the ISP gateway. So you configure your port on the EX as if your ISP gateway were plugged right into that port.
You set the port-mode of ge-0/0/20 to access with vlan 60 as the only member VLAN. The vlan.60 L3 interface then gets an IP from the ISP's /28 only IF you want it to have an IP in that network. Mind you, it's a public IP; you should check that no services on the switch are reachable from the outside. As you have the management interface connected to the SonicWall as well, you could also use an internal IP for the switch management and connect via VPN or other means through the SonicWall.
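For reference, here is what that answer looks like as an EX configuration. This is an added example written for this page, not config posted by the asker or the answerer, and it uses the classic (non-ELS) EX syntax from KB11000. The addresses are placeholders: 203.0.113.0/28 stands in for the ISP /28, 203.0.113.1 for the ISP gateway, 203.0.113.2 for the address given to the switch, and 10.0.14.0/24 is assumed to be the management network behind the SonicWall (the question only mentions 10.0.14.254). The filter name `protect-re` and the counter name are made up for the example.

```junos
/* Added example; placeholder addresses, see lead-in. Classic EX (non-ELS) CLI. */
interfaces {
    ge-0/0/20 {
        description "Uplink to SonicWall X0 (L2 bridge to ISP gateway)";
        unit 0 {
            family ethernet-switching {
                /* access, not trunk: untagged frames from the bridge land in VLAN 60,
                   so no native-vlan-id is needed on this port */
                port-mode access;
                vlan {
                    members vlan60;
                }
            }
        }
    }
    vlan {
        unit 60 {
            family inet {
                /* only needed if the switch itself should have a public address */
                address 203.0.113.2/28;
            }
        }
    }
    lo0 {
        unit 0 {
            family inet {
                filter {
                    /* lo0 filters apply to every packet addressed to the switch
                       itself, whichever interface it arrived on */
                    input protect-re;
                }
            }
        }
    }
}
vlans {
    vlan60 {
        vlan-id 60;
        l3-interface vlan.60;
    }
}
routing-options {
    static {
        /* only needed if the switch itself should reach the internet */
        route 0.0.0.0/0 next-hop 203.0.113.1;
    }
}
firewall {
    family inet {
        filter protect-re {
            /* management only from the internal network behind the SonicWall */
            term mgmt-from-inside {
                from {
                    source-address {
                        10.0.14.0/24;
                    }
                    protocol tcp;
                    destination-port [ ssh https ];
                }
                then accept;
            }
            /* keep basic reachability diagnostics working */
            term icmp {
                from {
                    protocol icmp;
                    icmp-type [ echo-request echo-reply unreachable time-exceeded ];
                }
                then accept;
            }
            /* everything else destined to the switch, including anything from the
               public side, is counted and dropped */
            term everything-else {
                then {
                    count dropped-to-re;
                    discard;
                }
            }
        }
    }
}
```

The lo0 filter is what covers the "no services reachable from the outside" part: once vlan.60 carries a public address, SSH, HTTPS (J-Web) and SNMP on the switch are reachable from the ISP side unless something drops them, and filtering on lo0 protects the routing engine regardless of which interface the packet came in on. The discard-all last term also drops replies to connections the switch itself opens (NTP, DNS, RADIUS, syslog over TCP), so add a term per service the switch uses. Since the filter can lock you out of your own management session, apply it with `commit confirmed 5` and only `commit` once you have confirmed access from 10.0.14.0/24 still works; `show ethernet-switching interfaces ge-0/0/20` confirms the port is access in vlan60, and `show firewall filter protect-re` shows the dropped counter climbing if anything from the public side is probing the switch.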