Yes, NAT: Limitations in Bridge Mode You can configure only two slave interfaces in a single Bridge interface. You can think of this Bridge interface as a two-port Layer 2 switch. Each port can be a Physical interface, a VLAN interface, or a Bond interface. These features and deployments are not supported in Bridge Mode: Assigning an IP address to a Bridge interface in ClusterXL. NAT rules (specifically, FireWall kernel in logs shows the traffic as accepted, but Security Gateway does not actually forward it). For more information, see sk106146. Access to Multi-Portal (Mobile Access Portal, Identity Awareness Captive Portal, Data Loss Prevention Portal, and so on) from bridged networks, if the bridge does not have an assigned IP address. Clusters with more than two Cluster Members. Full High Availability Cluster. Asymmetric traffic inspection in ClusterXL in Active/Active Bridge Mode. (Asymmetric traffic inspection is any situation, where the Client-to-Server packet is inspected by one Cluster Member, while the Server-to-Client packet is inspected by the other Cluster Member. In such scenarios, several security features do not work.)

Yes NAT