Each customer has its own security context with its own security policy (NAT, access list, static routes, and so
on). A transparent firewall is in a secure bridging mode and connects the inside and outside interfaces to the
same network (Net A). Each security context is assigned a management IP address of 10.1.x.2 on the same
connected (Net A) IP subnet.
Figure 6-7. Multiple Contexts: Transparent Mode
Note
Transparent mode does not allow shared interfaces.
Note
In multiple mode environments, all contexts must be configured in the same mode, either routed or
transparent. A mixed-mode environment is not supported.
Caution
Dynamic routing protocols are not supported in multiple context mode; static routing can be used. VPN
and multicast are also not supported.
How does the Security Appliance classify which context to send a packet to?
All packets entering the appliance must be classified to determine which context to send a packet to. The
classifier uses the following policy to assign the packet to a context:
Unique Interface: If only one context is associated with the ingress interface, the Security Appliance
classifies the packet into that context. Note that in transparent mode only unique interfaces can be
used, because transparent mode requires a unique interface allocation for each context.
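The unique-interface rule and the transparent-mode restriction can be checked against a system configuration before deployment. The following Python is an added example, not from the book: it parses `context` / `allocate-interface` lines, flags interfaces allocated to more than one context, and applies only the unique-interface rule described above. The context names, interface names, and sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed system-space configuration (hypothetical context and interface names).
SAMPLE_SYSTEM_CONFIG = """\
firewall transparent
context CustA
  allocate-interface GigabitEthernet0/0.1
  allocate-interface GigabitEthernet0/1.1
context CustB
  allocate-interface GigabitEthernet0/0.2
  allocate-interface GigabitEthernet0/1.2
context CustC
  allocate-interface GigabitEthernet0/0.2
  allocate-interface GigabitEthernet0/1.3
"""

def parse_allocations(config):
    """Return (transparent_mode, {interface: [contexts it is allocated to]})."""
    transparent, owners, current = False, defaultdict(list), None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "firewall transparent":
            transparent = True
        elif m := re.match(r"context (\S+)", line):
            current = m.group(1)          # start of a new context block
        elif (m := re.match(r"allocate-interface (\S+)", line)) and current:
            owners[m.group(1)].append(current)
    return transparent, dict(owners)

def classify(owners, ingress):
    """Unique-interface rule only: the single owning context, else None."""
    contexts = owners.get(ingress, [])
    return contexts[0] if len(contexts) == 1 else None

def audit(config):
    """In transparent mode, list interfaces shared by several contexts."""
    transparent, owners = parse_allocations(config)
    if not transparent:
        return []
    return sorted(i for i, ctxs in owners.items() if len(ctxs) > 1)

if __name__ == "__main__":
    for iface in audit(SAMPLE_SYSTEM_CONFIG):
        print(f"shared interface not allowed in transparent mode: {iface}")
```
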