Firewall on inter-bridge connections?

So I love my 2011UAS-2HnD but there are still quite a few concepts I haven't quite gotten the hang of.

I have an ESXi server with a bunch of VMs connected to one of the ethernet interfaces and I wanted to create firewall rules to create a sort of DMZ for one of my VMs. However, it seems connections within the same bridge do not go through the firewall at all? Are VLANs the only way?

I don't quite understand the concept of Bridging either. I've set up a standard bridge according to the getting started guide, and all my LAN interfaces are set to a slave of eth2 without quite knowing why either, to be honest. So anyone able to clear things up for me a bit would be great.

And also, why can't interfaces that are not in the same bridge and not slaves communicate with each other?

Cheers

By slaving the interfaces, you're using the 2 switch chips of the RB2011 (one for the GigE ports, and another for the 100s), which turns the ports into a layer 2 switch.

In the simplest terms, bridging does the same, although it's run through the RB CPU instead of being processed by specific hardware. You could try using Bridge Filters, but without knowing your config and what you're trying to do they may not be suitable.

And interfaces that aren’t switched or bridged can communicate with each other, but traffic has to be routed. You may want to do some reading on the differences between Layer 2 and Layer 3.
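As an added illustration of the two options the reply mentions (not config from either poster), here is how a DMZ port could be filtered while staying in the same bridge on an RB2011. It assumes RouterOS v6 with the master-port style switching the question describes (pre-6.41), and the port names ether3 (trusted LAN) and ether4 (DMZ host) are placeholders:

```routeros
# Added example, not from the thread. Assumes RouterOS v6 master-port syntax;
# ether3 = trusted LAN, ether4 = DMZ host (placeholder names).

# 1. Take both ports off the hardware switch chip. Frames forwarded by the
#    switch chip never reach the CPU, so no bridge filter or IP firewall
#    rule can see them.
/interface ethernet
set ether3 master-port=none
set ether4 master-port=none

# 2. Put both ports into a software bridge so the CPU forwards between them.
/interface bridge
add name=bridge-lan
/interface bridge port
add bridge=bridge-lan interface=ether3
add bridge=bridge-lan interface=ether4

# 3a. Layer 2 option: a bridge filter. This is stateless, so it also drops
#     replies from the DMZ host to connections the LAN opened.
/interface bridge filter
add chain=forward in-interface=ether4 out-interface=ether3 action=drop \
    comment="DMZ host may not send frames towards the LAN"

# 3b. Layer 3 option (usually preferable): pass bridged IP traffic through
#     /ip firewall filter so connection tracking applies.
/interface bridge settings
set use-ip-firewall=yes
/ip firewall filter
add chain=forward in-bridge-port=ether4 out-bridge-port=ether3 \
    connection-state=established,related action=accept
add chain=forward in-bridge-port=ether4 out-bridge-port=ether3 action=drop \
    comment="DMZ host may not initiate connections to the LAN"
```

Use one of 3a or 3b, not both. Two caveats worth checking before relying on this: first, `use-ip-firewall=yes` applies to every bridge on the router, so existing `/ip firewall filter` rules start seeing bridged traffic too; second, filtering on the router only helps if the DMZ VM's traffic actually leaves the ESXi host through a port the router can see. VMs on the same vSwitch port group talk to each other inside the hypervisor and never reach the RB2011, which is why the DMZ VM normally needs its own port group on a separate VLAN (or a separate physical NIC) with the router doing the routing between segments.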