Configuring the Physical and Virtual Interfaces – Cisco Firewall Deployment in Transparent Mode
Configuring the Physical and Virtual Interfaces
To configure the interfaces when a threat defense is in transparent mode, follow these steps:
Step 1. Navigate to Devices > Device Management. A list of the managed threat defense devices appears.
Step 2. Click the pencil icon that is next to the threat defense you want to configure. The device management editor page appears, showing all the interfaces of a threat defense on the Interfaces tab (see Figure 5-5).
Figure 5-5 The Interfaces Tab Shows All the Interfaces of a Threat Defense Virtual
Depending on the threat defense platform you run, you may come across different types of interfaces and model-specific options. For example, threat defense model 1010 comes with Ethernet type interfaces with built-in switch ports. However, you cannot enable transparent mode on an interface if it is set to switch port access mode. To configure the interfaces of threat defense model 1010 in transparent mode, you need to disable the switch port by clicking the slider icon next to the desired interface, as shown in Figure 5-6.
Figure 5-6 Threat Defense Hardware Appliance Shows Hardware-Specific Options (Switch Port)
Step 3. On the Interfaces tab, click the pencil icons next to GigabitEthernet0/0 and GigabitEthernet0/1 to configure these interfaces for the inside and outside networks. Use the settings shown in Table 5-2 to configure these two interfaces.
Table 5-2 Configuration Settings for GigabitEthernet0/0 and GigabitEthernet0/1
Setting | GigabitEthernet0/0 | GigabitEthernet0/1 |
Interface name | INSIDE_INTERFACE | OUTSIDE_INTERFACE |
Security zone (optional) | INSIDE_ZONE | OUTSIDE_ZONE |
IP address | In transparent mode, an IP address is not required on a data interface. Instead, assign an IP address to the BVI. |
To enable an interface, you must give it a name. Configuring a security zone, however, is optional. In the interface configuration window, you can create a security zone and associate it with an interface on the fly. Alternatively, you can navigate to Objects > Object Management > Interface to add, remove, or modify the assignment of security zones.
Figure 5-7 shows the general settings of GigabitEthernet0/0; for example, it is named INSIDE_INTERFACE. Make sure to enable the interface using the Enabled check box. Note that there is no option to configure an IPv4 address.
Figure 5-7 Physical Interface Configuration Window
Step 4. Repeat the preceding steps for GigabitEthernet0/1 to enable it for the outside network.
Step 5. After you configure both interfaces, click the Save button to save the changes you have made so far (see Figure 5-8). The interface settings are now saved on the management center.
Figure 5-8 Transparent Interfaces for the Inside and Outside Networks
Step 6. Before you deploy the configuration to the threat defense, there is still one more component to set up in a transparent mode firewall: the Bridge Virtual Interface (BVI). To add a BVI, click the Add Interfaces drop-down located at the right side of this Interfaces tab. A list of different types of interfaces appears (see Figure 5-9).
Figure 5-9 Option to Add a Bridge Group Interface
Step 7. Select Bridge Group Interface from the list of interfaces. The Add Bridge Group Interface window appears.
Step 8. On the Add Bridge Group Interface window, provide a bridge group ID between 1 and 250 and select the interfaces that are part of the bridged network—in this case, GigabitEthernet0/0 and GigabitEthernet0/1, as shown in Figure 5-10.
Figure 5-10 Selection of Interfaces for the Bridge Group
Step 9. On the IPv4 subtab, configure the address 192.168.1.1 for the BVI (see Figure 5-11). The IP address must be on the same subnet as the hosts and the default gateway router; in this case, it is within the same /24 subnet as its hosts.
Figure 5-11 IP Address of the Bridge Group Interface
Step 10. Click OK to exit the Add Bridge Group Interface window. Figure 5-12 confirms the setup of a bridge group BVI1. Make sure to click the Save button to save the changes.
Figure 5-12 Configuration of Interfaces on a Threat Defense in Transparent Mode
Step 11. To deploy the configurations to your threat defense, navigate to Deploy > Deployment, select the threat defense, and click the Deploy button, as shown in Figure 5-13.
Figure 5-13 Deployment of Policy on a Threat Defense
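The constraints stated in these steps (a bridge group ID between 1 and 250, named and enabled member interfaces with no IP address and no switch port mode, and a BVI address on the same subnet as the hosts and default gateway) can be checked against a planned configuration before you deploy. The following Python script is an added example, not code from the original text or from Cisco; the plan dictionary layout, the function name, the host and gateway addresses, and the Ethernet1/x port names are assumptions made for illustration.

```python
import ipaddress

def validate_bridge_group(plan):
    """Return a list of problems in a planned transparent-mode bridge group."""
    problems = []
    if not 1 <= plan["bridge_group_id"] <= 250:
        problems.append("bridge group ID must be between 1 and 250")
    # The BVI, the hosts and the default gateway must share one subnet.
    bvi = ipaddress.ip_interface(plan["bvi_address"])
    for label, addr in plan["segment_addresses"].items():
        ip = ipaddress.ip_address(addr)
        if ip not in bvi.network:
            problems.append(f"{label} {addr} is outside the BVI subnet {bvi.network}")
        elif ip == bvi.ip:
            problems.append(f"{label} {addr} duplicates the BVI address")
    for port, cfg in plan["members"].items():
        if not cfg.get("name"):
            problems.append(f"{port}: a name is required to enable the interface")
        if not cfg.get("enabled"):
            problems.append(f"{port}: Enabled check box is not set")
        if cfg.get("switch_port"):
            problems.append(f"{port}: disable switch port mode first")
        if cfg.get("ip_address"):
            problems.append(f"{port}: remove the IP address; it belongs on the BVI")
    return problems

# Interface names, BVI address and group ID from the steps above;
# the gateway and host addresses are constructed sample values.
GOOD_PLAN = {
    "bridge_group_id": 1,
    "bvi_address": "192.168.1.1/24",
    "segment_addresses": {"gateway": "192.168.1.254", "host": "192.168.1.10"},
    "members": {
        "GigabitEthernet0/0": {"name": "INSIDE_INTERFACE", "enabled": True},
        "GigabitEthernet0/1": {"name": "OUTSIDE_INTERFACE", "enabled": True},
    },
}
# Constructed faulty plan: every value here is hypothetical.
BAD_PLAN = {
    "bridge_group_id": 251,
    "bvi_address": "192.168.1.1/24",
    "segment_addresses": {"gateway": "192.168.2.1", "host": "192.168.1.10"},
    "members": {
        "Ethernet1/2": {"name": "", "enabled": True, "switch_port": True},
        "Ethernet1/3": {"name": "OUTSIDE_INTERFACE", "enabled": True, "ip_address": "192.168.1.2"},
    },
}

if __name__ == "__main__":
    print(validate_bridge_group(GOOD_PLAN), validate_bridge_group(BAD_PLAN), sep="\n")
```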