topic Routed and transparent mode simultaneoulsy in Network Security

Routed and transparent mode simultaneoulsy

ymadheka — Tue, 12 Mar 2019 08:39:57 GMT

Hi Team,

We have a customer who wants to enable routed and transparent mode at the same time for FTD platform. The use case is that the firewall in NAT mode for Internal private IP network and use the firewall in transparent mode for our Internal Public IP network.

Kindly advise.

You can just not NAT traffic

Marvin Rhoads — Thu, 15 Dec 2016 15:40:30 GMT

You can just not NAT traffic coming from the Internal Public IP network. That's independent of routed vs.transparent mode.

Hi Marvin,

ymadheka — Sat, 17 Dec 2016 08:02:38 GMT

Hi Marvin,

Thanks for the reply.

Here the private network represents the server zone and not any internal users. Based on the discussion with the customer the use case is like they have two networks behind the firewall one represents the private network for their servers zone while the other one represents public network of the server zone. The ideology is to not inspect the traffic coming to the public network since their service functionality are delivered through the NATted part of the private network.

Hence want to pass through the traffic for the public network and inspect the traffic for the private network.

Sure - you would combine NAT

Marvin Rhoads — Sat, 17 Dec 2016 12:01:36 GMT

Sure - you would combine NAT rules (including NAT exemption) with your Access Control (AC) policy.

Just build the AC policy top down like a traditional ACL - first match will govern how the traffic is treated / inspected.