https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890387#M172293 <P>You don't actually mention anything that didn't work.</P> Tue, 23 Feb 2016 09:13:23 GMT Philip D'Ath 2016-02-23T09:13:23Z https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890385#M172286 <P>Hello,</P> <P>I recently attempted placing an ASA in my environment in transparent mode to replace a Juniper transparent firewall and ran into some issues. The way my network is designed is I have a router with the default gateway for all the networks behind the firewall, my transparent firewall, and then a switch with 3 vlans on it all on the same /24 network.</P> <P></P> <P>When I tried cutting over to the ASA we were unable to test any rules. I tried checking the log viewer in ASDM but didnt see any traffic hitting the firewall. Is this normal behavior for the ASA in transparent mode?&nbsp;Also, not all devices appeared to be in my arp table which had me a bit concerned.&nbsp;</P> <P></P> <P>Guess I am just trying to figure out what isn't working and why. Since ASDM wasnt showing any traffic in the log viewer I couldnt do much.</P> <P></P> <P>I can post example configs if anyone would feel it would be helpful.</P> <P></P> <P>Thanks,</P> Tue, 12 Mar 2019 07:22:46 GMT https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890385#M172286 Kyle Smith 2019-03-12T07:22:46Z https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890386#M172290 <P>You just need to turn the logging up if you want to see it in the ASDM. &nbsp;Try:</P> <PRE class="prettyprint">logging asdm informational</PRE> Tue, 23 Feb 2016 09:12:49 GMT https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890386#M172290 Philip D'Ath 2016-02-23T09:12:49Z https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890387#M172293 <P>You don't actually mention anything that didn't work.</P> Tue, 23 Feb 2016 09:13:23 GMT https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890387#M172293 Philip D'Ath 2016-02-23T09:13:23Z https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890388#M172295 <P>Philip,</P> <P>Thank you for your reply. My apologies, so what we had the testing team do is try and test the ACL logic based on what they previously were able to do with the Juniper firewall in place. I have 4 named interfaces; Outside, InsideA, InsideB, and InsideC. They tried to SSH to a few machines from the Outside to InsideA and weren't able to. From there, they tried other tests but nothing seemed to work.&nbsp;</P> <P>I jumped on ASDM to check the logging and I set the level to debugging to see everything. When I did, I didnt see any traffic hit the firewall which had me concerned.&nbsp;</P> <P>My interfaces are set up as such:</P> <P><BR />interface Gig0/0<BR /> nameif Outside<BR /> bridge-group 10<BR /> security-level 80<BR />!<BR />interface Gig0/1<BR /> nameif&nbsp;InsideA<BR /> bridge-group 10<BR /> security-level 80<BR />!<BR />interface Gig0/2<BR /> nameif&nbsp;InsideB<BR /> bridge-group 10<BR /> security-level 80<BR />!<BR />interface Gig0/3<BR /> nameif&nbsp;InsideC</P> <P>bridge-group 10<BR /> security-level 80<BR /><BR /></P> <P>interface BVI10<BR />ip address 192.168.1.10</P> <P></P> <P>From my guess, traffic should flow to my ASA without me needing to add much more. At this point I should see traffic being allowed/denied.</P> Tue, 23 Feb 2016 11:40:52 GMT https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890388#M172295 Kyle Smith 2016-02-23T11:40:52Z https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890389#M172297 <P>Try adding the below as well. &nbsp;It should definitely be showing up.</P> <PRE class="prettyprint">logging trap informational</PRE> Tue, 23 Feb 2016 19:06:00 GMT https://community.cisco.com/t5/network-security/transparent-firewall-issue/m-p/2890389#M172297 Philip D'Ath 2016-02-23T19:06:00Z