A Layer 3 IOS Firewall implementation requires two logical zones, trusted and untrusted, each on a different (existing) IP subnet.
A network not designed around this subnetted architecture would require its IP subnets to be redesigned to accommodate the
firewall. Placing a Layer 3 firewall in such a network is difficult, is considered resource intensive, and can be unfeasible for
many deployment scenarios.
Traditional firewalls operate in either a Layer 3 or Layer 2 (transparent) mode. The Cisco IOS Firewall is designed to
simultaneously interoperate in both modes, providing scalability and ease of integration. This enhanced functionality allows a
Cisco IOS Firewall to be implemented concurrently for both the Layer 2 transparent firewall operating on the bridged packets
and a Layer 3 firewall operating on routed packets on the same device.
The transparent firewall configuration is no different from the Layer 3 firewall configuration: both use the ip inspect command
from global configuration mode. The CBAC inspection rule (the interface-level ip inspect <name> in/out command) is applied to
the bridged interfaces for Layer 2 protection, whereas the routed interfaces are configured in the same way for Layer 3 protection.