Transparent Mode - When and Why?
redwarrior
Member Posts: 285
I'm still slogging through my reading for this one and I came across the basics of configuring Transparent mode or firewall transparent and I'm curious...when/why would you use this? If I'm understanding it correctly, you would not be able to pass a regular ethernet frame when this mode is enabled, so you would have to be passing something like MPLS, frame-relay, or IPX. (Please correct me if I'm off here!) So, I'm guessing this would more likely be used at the ISP level for some kind of layer 2 firewall, which begs the question, why use a firewall at that level? Wouldn't that slow traffic at a level on the hierarchical model that you would rather keep things going as fast as possible? I'm just not seeing where a practical application for this might be, so I'm driving myself nuts trying to come up with one. Any ideas?
Thanks again!
Thanks again!
CCNP Progress
ONT, ISCW, BCMSN - DONE
BSCI - In Progress
http://www.redwarriornet.com/ <--My Cisco Blog
Comments
-
Ahriakin Member Posts: 1,799 ■■■■■■■■□□It does allow ethernet, you can also allow or deny most common Protocol suites (IPS/SPX etc.) but the only real granular control you have is over IP.
The main advantage is you can place the firewall inline without having to modify your IP scheme. For example I put one here between our core and server switches to essentially harden the servers network-wise) , it only incurred a few seconds of downtime and no changes to the servers or clients using them. Logically I think of it as a bump-in-the-wire layer-3 security add on for the switches, I know it's incorporated at Layer2 but it processes those frames at Layer3+ before passing back down to Layer2 and forwarding (presuming the frames pass inspection).We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place? -
Luckycharms Member Posts: 267pretty much if you think of it as state full packet inspection switch you will be correct.The quality of a book is never equated to the number of words it contains. -- And neither should be a man by the number of certifications or degree's he has earned.