• October 6, 2024

Adding an Access Control Rule for a Routing Protocol – Cisco Firewall Deployment in Transparent Mode

If you select the Access Control: Block All Traffic policy as the default action, traffic is blocked when it does not match with any custom access control rules. Only the traffic that exclusively matches a rule is allowed through the threat defense. If you create an…


Deploying a Threat Defense Between Layer 3 Networks – Cisco Firewall Deployment in Transparent Mode

After configuring the physical and virtual interfaces, you can communicate with any hosts, through a threat defense, within the same subnet. However, if you want to communicate with hosts that are in different subnets, a routing protocol is necessary. When you configure a dynamic routing protocol across…


Verifying the Interface Status – Cisco Firewall Deployment in Transparent Mode

After deploying a threat defense by using the management center web interface, you can verify any configuration settings from the threat defense CLI. Example 5-6 shows the interface configuration of a threat defense in transparent mode. Both member interfaces are in bridge group 1 and have no IP addresses. Only BVI1…


Configuring the Physical and Virtual Interfaces – Cisco Firewall Deployment in Transparent Mode

To configure the interfaces when a threat defense is in transparent mode, follow these steps: Step 1. Navigate to Devices > Device Management. A list of the managed threat defense devices appears. Step 2. Click the pencil icon that is next to the threat defense you want to configure.…


Fulfilling Prerequisites – Cisco Firewall Deployment in Transparent Mode

During system initialization, a threat defense provides an option to choose between routed mode and transparent mode (see Example 5-1). To set up a threat defense with transparent mode, just type transparent when the system prompts and press Enter. If you selected transparent mode during the system initialization, you could skip this section…


“Do I Know This Already?” Quiz – Cisco Firewall Deployment in Transparent Mode

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read…


Configuring Interfaces with Automatic IP Addresses – Cisco Firewall Deployment in Routed Mode

A threat defense can function as a DHCP client as well as a DHCP server. For example, if you deploy a threat defense between the outside interface and an Internet service provider (ISP), the device can obtain an IP address dynamically for its outside interface from the ISP router.…


Configuration of the Routed Interface – Cisco Firewall Deployment in Routed Mode

In threat defense, you can configure a data interface with a static IP address. A threat defense can also operate as a DHCP client and obtain an IP address from a DHCP server. Furthermore, you can enable the DHCP service on a threat defense and configure it to assign IP…


Verifying Basic Connectivity and Operations – Cisco Firewall Deployment in Transparent Mode

After configuring a threat defense in transparent mode, you might want to verify whether the transparent mode is operating as expected. Is the threat defense really invisible to the network hosts? You can prove this by using Address Resolution Protocol (ARP). When a host computer communicates through a threat defense,…


Verifying Access Control Lists – Cisco Firewall Deployment in Transparent Mode

When traffic is not blocked or allowed according to the configurations on the management center, you can use the threat defense CLI to verify whether the desired access control rules are applied. You can run the show access-list command to view the custom access control rules you created, as well as…
