In essence, the network is split into two Layer 2 segments and the appliance is placed in between, acting
in bridge mode, while Layer 3 remains unchanged. Alternatively, clients can be connected on either side
to two separate switches that are independent of each other (and not connected to each other in any way).
Figure 6-3 illustrates this further. Even though the firewall is in bridge mode, an ACL is still required to
control and allow all Layer 3 traffic passing through the firewall, with the exception of ARP traffic, which
does not need an ACL. ARP traffic can be controlled with ARP inspection on the firewall.
Figure 6-3. Transparent Firewall Setup
In transparent mode the firewall itself does not participate in IP routing protocols, because it is in
bridge mode. Static routes are used only for traffic originating from the appliance, not for traffic
traversing the appliance. However, IP routing protocols can pass through the firewall, as long as the access
lists on the firewall permit them. OSPF, RIP, EIGRP, and Border Gateway Protocol (BGP)
adjacencies can be established through the firewall in transparent mode.
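
A configuration sketch of the points above (an ACL for routing-protocol traffic crossing the bridge, ARP inspection for ARP, a static route only for appliance-originated traffic), added here as an example and not taken from the book. It assumes classic ASA/PIX 7.x-style CLI; interface names, addresses, MAC addresses and ACL names are constructed.

```cisco
! Constructed example: all addresses, MACs and ACL names are placeholders.
firewall transparent
!
interface Ethernet0/0
 nameif outside
 security-level 0
 no shutdown
interface Ethernet0/1
 nameif inside
 security-level 100
 no shutdown
!
! Management address of the bridge itself; it is not a hop for transit traffic.
ip address 10.1.1.5 255.255.255.0
! Static route: used only for traffic the appliance originates (syslog, AAA, and so on).
route outside 0.0.0.0 0.0.0.0 10.1.1.1
!
! Routers 10.1.1.1 (outside) and 10.1.1.2 (inside) share one subnet across the bridge.
! Permit OSPF to the AllSPFRouters/AllDRouters groups and unicast between the peers,
! in both directions, so the adjacency can form through the firewall.
access-list OUTSIDE_IN extended permit ospf host 10.1.1.1 host 224.0.0.5
access-list OUTSIDE_IN extended permit ospf host 10.1.1.1 host 224.0.0.6
access-list OUTSIDE_IN extended permit ospf host 10.1.1.1 host 10.1.1.2
access-list INSIDE_OUT extended permit ospf host 10.1.1.2 host 224.0.0.5
access-list INSIDE_OUT extended permit ospf host 10.1.1.2 host 224.0.0.6
access-list INSIDE_OUT extended permit ospf host 10.1.1.2 host 10.1.1.1
! Only OSPF is shown; any other Layer 3 transit traffic needs its own permit entries,
! because everything not matched is dropped by the implicit deny.
access-group OUTSIDE_IN in interface outside
access-group INSIDE_OUT in interface inside
!
! ARP needs no ACL. Bind each router's IP to its MAC and drop ARP packets that do not match.
arp outside 10.1.1.1 0000.5e00.5301
arp inside 10.1.1.2 0000.5e00.5302
arp-inspection outside enable no-flood
arp-inspection inside enable no-flood
```

With `no-flood`, ARP packets from hosts that have no static entry are dropped rather than forwarded, so every legitimate neighbor on the segment needs an `arp` line before inspection is enabled.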