Author: Ethan Wright
Adding an Access Control Rule for a Routing Protocol – Cisco Firewall Deployment in Transparent Mode
If you select the Access Control: Block All Traffic policy as the default action, traffic is blocked when it does not match any custom access control rule. Only the traffic that exclusively matches a rule is allowed through the threat defense. If you create an…
Deploying a Threat Defense Between Layer 3 Networks – Cisco Firewall Deployment in Transparent Mode
After configuring the physical and virtual interfaces, you can communicate with any hosts, through a threat defense, within the same subnet. However, if you want to communicate with hosts that are in different subnets, a routing protocol is necessary. When you configure a dynamic routing protocol across…
Verifying the Interface Status – Cisco Firewall Deployment in Transparent Mode
After deploying a threat defense by using the management center web interface, you can verify any configuration settings from the threat defense CLI. Example 5-6 shows the interface configuration of a threat defense in transparent mode. Both member interfaces are in bridge group 1 and have no IP addresses. Only BVI1…
Configuring the Physical and Virtual Interfaces – Cisco Firewall Deployment in Transparent Mode
To configure the interfaces when a threat defense is in transparent mode, follow these steps: Step 1. Navigate to Devices > Device Management. A list of the managed threat defense devices appears. Step 2. Click the pencil icon that is next to the threat defense you want to configure.…
Fulfilling Prerequisites – Cisco Firewall Deployment in Transparent Mode
During system initialization, a threat defense provides an option to choose between routed mode and transparent mode (see Example 5-1). To set up a threat defense with transparent mode, just type transparent when the system prompts and press Enter. If you selected transparent mode during the system initialization, you could skip this section…
“Do I Know This Already?” Quiz – Cisco Firewall Deployment in Transparent Mode
The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read…
Configuring Interfaces with Automatic IP Addresses – Cisco Firewall Deployment in Routed Mode
A threat defense can function as a DHCP client as well as a DHCP server. For example, if you deploy a threat defense between the outside interface and an Internet service provider (ISP), the device can obtain an IP address dynamically for its outside interface from the ISP router.…
Configuration of the Routed Interface – Cisco Firewall Deployment in Routed Mode
In threat defense, you can configure a data interface with a static IP address. A threat defense can also operate as a DHCP client and obtain an IP address from a DHCP server. Furthermore, you can enable the DHCP service on a threat defense and configure it to assign IP…
Verifying Basic Connectivity and Operations – Cisco Firewall Deployment in Transparent Mode
After configuring a threat defense in transparent mode, you might want to verify whether the transparent mode is operating as expected. Is the threat defense really invisible to the network hosts? You can prove this by using Address Resolution Protocol (ARP). When a host computer communicates through a threat defense,…
Verifying Access Control Lists – Cisco Firewall Deployment in Transparent Mode
When traffic is not blocked or allowed according to the configurations on the management center, you can use the threat defense CLI to verify whether the desired access control rules are applied. You can run the show access-list command to view the custom access control rules you created, as well as…