User Guide for Cisco Security Manager 4.4 (OL-28826-01)
Chapter 46, page 46-1
Configuring Bridging Policies on Firewall Devices
This chapter contains the following topics:
About Bridging on Firewall Devices, page 46-1
Bridging Support for FWSM 3.1, page 46-3
ARP Table Page, page 46-3
ARP Inspection Page, page 46-5
Managing the IPv6 Neighbor Cache, page 46-6
MAC Address Table Page, page 46-7
MAC Learning Page, page 46-8
Management IP Page, page 46-10
Management IPv6 Page (ASA 5505), page 46-10
About Bridging on Firewall Devices
Traditionally, a firewall is a routed hop and acts as a default gateway for hosts that connect to one of its
screened subnets. A transparent firewall, on the other hand, is a Layer 2 device that acts like a “bump in
the wire,” or a “stealth firewall,” and is not seen as a router hop to connected devices. The security
appliance connects the same network on its inside and outside ports, acting as an access-control bridge;
you assign different VLANs to each interface, and IP addressing is not used.
Thus, you can easily introduce a transparent firewall into an existing network—IP re-addressing is
unnecessary—and maintenance is facilitated because there are no complicated routing patterns to
troubleshoot and no NAT configuration.
Although the transparent-mode device acts as a bridge, Layer 3 traffic, such as IP traffic, cannot pass
through the security appliance unless you explicitly permit it with specific access rules. The only traffic
allowed through the firewall without an access list is ARP traffic (which you can control using ARP
inspection) and IPv6 neighbor discovery.
When the security appliance runs in transparent mode, the outgoing interface of a packet is determined
by performing a MAC address lookup instead of a route lookup. Route statements can still be configured,
but they apply only to security appliance-originated traffic. For example, if your syslog server is located
on a remote network, you must use a static route so the security appliance can reach that subnet.
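As an added example that is not from the user guide: the ASA command-line form of the policies this chapter's pages configure, assuming an ASA running 8.4 or later in transparent mode with bridge-group syntax. Interface names, addresses, MAC addresses and the syslog server are constructed placeholders.

```text
! Constructed example: ASA 8.4+ transparent mode with one bridge group.
! Interface names, addresses and MAC addresses are placeholders.
firewall transparent
!
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 bridge-group 1
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 bridge-group 1
!
! Management address for the bridge group: used for management and for
! appliance-originated traffic only; it is not a gateway for bridged hosts
interface BVI1
 ip address 10.1.1.1 255.255.255.0
!
! Layer 3 traffic is blocked unless explicitly permitted: allow only HTTPS
! from outside to a single inside server
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.10 eq 443
access-group OUTSIDE_IN in interface outside
!
! ARP is forwarded without an ACL, so pin the inside gateway's MAC and enable
! ARP inspection: a reply claiming 10.1.1.254 with another MAC is dropped, and
! no-flood also drops ARP packets that match no static entry
arp inside 10.1.1.254 0009.7cf8.2a80
arp-inspection inside enable no-flood
!
! Static MAC entry with learning disabled: the table for this interface is
! populated only by static entries rather than learned from traffic
mac-address-table static inside 0009.7cf8.2a80
mac-learn inside disable
!
! Route lookups apply only to appliance-originated traffic, for example
! syslog sent to a remote subnet reached through the inside gateway
route inside 192.168.50.0 255.255.255.0 10.1.1.254
logging enable
logging host inside 192.168.50.20
```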