Chapter 15 Firewall Mode Overview

Transparent Mode Overview

Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its screened subnets. A transparent firewall, on the other hand, is a Layer 2 firewall that acts like a “bump in the wire,” or a “stealth firewall,” and is not seen as a router hop to connected devices.

This section describes transparent firewall mode, and includes the following topics:

Transparent Firewall Network, page 15-7

Allowing Layer 3 Traffic, page 15-7

Allowed MAC Addresses, page 15-7

Passing Traffic Not Allowed in Routed Mode, page 15-8

MAC Address vs. Route Lookups, page 15-8

Using the Transparent Firewall in Your Network, page 15-9

Transparent Firewall Guidelines, page 15-9

Unsupported Features in Transparent Mode, page 15-10

How Data Moves Through the Transparent Firewall, page 15-11

Transparent Firewall Network

The security appliance connects the same network on its inside and outside interfaces. Because the firewall is not a routed hop, you can easily introduce a transparent firewall into an existing network.

Allowing Layer 3 Traffic

IPv4 traffic is allowed through the transparent firewall automatically from a higher security interface to a lower security interface, without an access list. ARP traffic is allowed through the transparent firewall in both directions without an access list; ARP traffic can be controlled by ARP inspection. For Layer 3 traffic traveling from a low to a high security interface, an extended access list is required on the low security interface. See the “Adding an Extended Access List” section on page 16-5 for more information.

Allowed MAC Addresses

The following destination MAC addresses are allowed through the transparent firewall. Any MAC address not on this list is dropped.

TRUE broadcast destination MAC address equal to FFFF.FFFF.FFFF

IPv4 multicast MAC addresses from 0100.5E00.0000 to 0100.5EFE.FFFF

IPv6 multicast MAC addresses from 3333.0000.0000 to 3333.FFFF.FFFF

BPDU multicast address equal to 0100.0CCC.CCCD

AppleTalk multicast MAC addresses from 0900.0700.0000 to 0900.07FF.FFFF
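To make the Layer 3 direction rule and the allowed destination MAC list concrete, the following Python model is added here as an example; it is not Cisco's code and does not appear in the guide. The interface names, security levels, sample access list and frames are constructed, and unicast destinations are assumed forwardable (handled by the MAC address table) so that the direction rule can be exercised; the guide's list itself covers only broadcast and multicast addresses.

```python
import re

def parse_mac(text):
    """Parse a Cisco dotted MAC (0100.5E00.0000) or colon form into an int."""
    hexd = re.sub(r"[.:-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", hexd):
        raise ValueError(f"bad MAC address: {text}")
    return int(hexd, 16)

# Destination MAC ranges the guide lists as allowed through the transparent firewall.
ALLOWED_NON_UNICAST = [
    ("broadcast", "FFFF.FFFF.FFFF", "FFFF.FFFF.FFFF"),
    ("ipv4-multicast", "0100.5E00.0000", "0100.5EFE.FFFF"),
    ("ipv6-multicast", "3333.0000.0000", "3333.FFFF.FFFF"),
    ("bpdu", "0100.0CCC.CCCD", "0100.0CCC.CCCD"),
    ("appletalk-multicast", "0900.0700.0000", "0900.07FF.FFFF"),
]

def mac_allowed(dst_mac):
    """Return the matching list entry name, 'unicast', or None (frame is dropped)."""
    m = parse_mac(dst_mac)
    if (m >> 40) & 1 == 0:  # I/G bit clear: unicast, forwarded via MAC table (assumption)
        return "unicast"
    for name, lo, hi in ALLOWED_NON_UNICAST:
        if parse_mac(lo) <= m <= parse_mac(hi):
            return name
    return None

def admit(frame, sec_levels, acls):
    """Decide whether a frame passes, following the guide's Layer 3 rules.
    frame: dict with ingress, egress, dst_mac, proto, dst, dport.
    sec_levels: {iface: level}. acls: {iface: [(proto, dst, dport), ...]} permits; 'any' wildcards."""
    kind = mac_allowed(frame["dst_mac"])
    if kind is None:
        return False, "destination MAC not in the allowed list"
    if frame["proto"] == "arp":
        return True, "ARP passes in both directions (ARP inspection may still filter it)"
    if sec_levels[frame["ingress"]] > sec_levels[frame["egress"]]:
        return True, "high to low security: no access list required"
    for proto, dst, dport in acls.get(frame["ingress"], []):
        if proto == frame["proto"] and dst in ("any", frame.get("dst")) \
                and dport in ("any", frame.get("dport")):
            return True, "matched extended access list on the low security interface"
    return False, "low to high security requires an extended access list"
```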

Cisco Security Appliance Command Line Configuration Guide
OL-12172-01
15-7