Filter
Top Products
45-4
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 45 Managing Firewall Devices
Configuring Firewall Device Interfaces
• Interfaces in Routed and Transparent Modes, page 45-4
• Interfaces in Single and Multiple Contexts, page 45-5
• Understanding ASA 5505 Ports and Interfaces, page 45-6
• Configuring Subinterfaces (PIX/ASA), page 45-7
• Configuring Redundant Interfaces, page 45-7
• Configuring EtherChannels, page 45-8
Security Appliance Configurations
Firewall devices allow a variety of configurations, and the configuration determines how to define the
interfaces associated with a specific device. The following table outlines the various configurations.
Interfaces in Routed and Transparent Modes
Beginning with ASA/PIX 7.0 and FWSM 2.2.1, you can configure a security device to operate in one of
two modes: routed or transparent. (The PIX 6.3 operates only in routed mode.)
In routed mode, the security appliance acts as a gateway or router for connected networks: it maintains
IP addresses for its interfaces, and inspects and filters traffic traversing these interfaces based on IP
address (Layer 3) information. In this mode, each device interface is connected to a different IP subnet,
and has its own IP address on that subnet. Routed mode supports up to 256 interfaces in single mode or
per context, with a maximum of 1000 interfaces divided between all contexts.
In transparent mode, the security appliance operates as a Layer 2 (data link) device, or transparent
bridge, and is often referred to as a “bump in the wire,” or a “stealth firewall.” In this mode, you can
define only two interfaces: inside and outside. The interfaces do not require IP addresses; they use
VLAN IDs to forward inspected traffic. However, if the device includes a dedicated management
interface, you can use it—either the physical interface or a subinterface—as a third interface for
device-management traffic.
Note Cisco Security Manager does not populate the interface information for FWSM 2.x devices during
discovery.
Table 45-1 Security Appliance Configurations
Device Type
Operational Mode (Router or
Transparent)
Context Support (Single or
Multiple)
PIX 6.3.x N/A N/A
PIX 7.0+/ASA Router or Transparent Single
PIX 7.0+/ASA, or security
context of unmanaged PIX
7.0+/ASA
Router or Transparent Multiple (see Checklist for
Configuring Multiple Security
Contexts, page 57-2)
FWSM, or security context of
unmanaged switch (multiple
mode)
Router or Transparent Single or Multiple