https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006548#M147701 <P>Routed mode is my preferred deployment but it requires more network interruption. Transparent mode on the other hand is much easier to be deployed in an existing environment. Thus, it really boils down to preference and design requirements.&nbsp;</P> <P>I would highly recommend that you check Cisco's Validated Design below. There is a lot of info that might not apply to your environment or setup but it is still a good document to read and reference.&nbsp;</P> <P><A href="http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/sdc-dg.pdf">http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/sdc-dg.pdf</A></P> <P>I hope this helps!</P> <P><EM>Thank you for rating helpful posts!</EM></P> Wed, 18 Jan 2017 00:15:57 GMT nspasov 2017-01-18T00:15:57Z https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006545#M147697 <P>Hi,</P> <P>vpc is running &nbsp;in datacenter ( its not really double sided or single sided ) &nbsp; . Need to &nbsp;put &nbsp;dc firewall ( asa with source fire )&nbsp;</P> <P>What is the best practices . L3 or L2&nbsp;</P> <P></P> <P>Thanks</P> <P></P> Tue, 12 Mar 2019 08:47:09 GMT https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006545#M147697 k.adath2015 2019-03-12T08:47:09Z https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006546#M147699 <P>Can you be a lot more specific.</P> Tue, 17 Jan 2017 03:37:48 GMT https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006546#M147699 Philip D'Ath 2017-01-17T03:37:48Z https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006547#M147700 <P>Hi,</P> <P>Sorry for the inconvenience , I have similar toplogy (attached ) in my data center .</P> <P>All the servers in the dc &nbsp;must be protected . &nbsp;from the agg switch there is l3 connecvity &nbsp;to the core switch . (core switch not shown in the &nbsp;picture )&nbsp;</P> <P></P> <P>server subnets are 192.168.15.0/24 16.0/24...20.0/24&nbsp;</P> <P>vlan interfaces are configured on the agg switches and hsrp is running &nbsp;.</P> <P>Now want to protect the serevers behind the dc .&nbsp;</P> <P>So where should be the firewall placed and &nbsp;routed mode or transparent mode is better&nbsp;</P> <P></P> <P>Thanks</P> Tue, 17 Jan 2017 19:54:50 GMT https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006547#M147700 k.adath2015 2017-01-17T19:54:50Z https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006548#M147701 <P>Routed mode is my preferred deployment but it requires more network interruption. Transparent mode on the other hand is much easier to be deployed in an existing environment. Thus, it really boils down to preference and design requirements.&nbsp;</P> <P>I would highly recommend that you check Cisco's Validated Design below. There is a lot of info that might not apply to your environment or setup but it is still a good document to read and reference.&nbsp;</P> <P><A href="http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/sdc-dg.pdf">http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/sdc-dg.pdf</A></P> <P>I hope this helps!</P> <P><EM>Thank you for rating helpful posts!</EM></P> Wed, 18 Jan 2017 00:15:57 GMT https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006548#M147701 nspasov 2017-01-18T00:15:57Z https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006549#M147702 <P>Hi,</P> <P>Choosing routed mode ,what was your benefit&nbsp;</P> <P></P> <P>Thanks</P> Wed, 18 Jan 2017 03:41:28 GMT https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006549#M147702 k.adath2015 2017-01-18T03:41:28Z https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006550#M147703 <P>1. There are several features that are not supported when running the ASA in transparent mode</P> <P>2. Troubleshooting is easier and less convoluted when running in routed mode</P> <P>3. In routed mode the ASA is a L3 hop on your network. This allows you to run routing protocols, policy-based routing, etc.</P> <P>4. For more information about the differences and features for each mode you should reference the configuration guide:</P> <P><A href="http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-fw.html">http://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-fw.html</A></P> <P>I hope this helps!</P> <P><EM>Thank you for rating helpful posts!</EM></P> Wed, 18 Jan 2017 18:30:39 GMT https://community.cisco.com/t5/network-security/dc-firewall/m-p/3006550#M147703 nspasov 2017-01-18T18:30:39Z