https://community.cisco.com/t5/network-security/transparent-firewall/m-p/812650#M964751 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>In answer to your question yes you have 2 vlans but only one IP subnet. This setup is also used on other devices such as load balancers. </P><P></P><P>The reason you need to do this is to avoid a spanning-tree loop. Assuming you are running PVST+ then having 2 vlans but only one subnet allows you to bridge the subnet with the FWSM.</P><P></P><P>HTH</P><P></P><P>Jon</P></BODY></HTML> Tue, 21 Aug 2007 05:57:51 GMT Jon Marshall 2007-08-21T05:57:51Z https://community.cisco.com/t5/network-security/transparent-firewall/m-p/812648#M964748 <P>I have read the following definition a couple times:</P><P></P><P>Transparent mode, the FWSM acts like a "bump in the wire," or a "stealth firewall," and is not a router hop. </P><P></P><P>What I understand with the previous sentence is that: The FWSM connects the same network on its inside and outside interfaces, but each interface must be on a different VLAN.</P><P></P><P>However, are both vlans going to share same subnet???</P> Mon, 11 Mar 2019 11:00:07 GMT https://community.cisco.com/t5/network-security/transparent-firewall/m-p/812648#M964748 lm20ele 2019-03-11T11:00:07Z https://community.cisco.com/t5/network-security/transparent-firewall/m-p/812649#M964750 <HTML><HEAD></HEAD><BODY><P>Transparent firewall will bridge between vlan and not route, so if you are using different subnets you will need layer 3 routing device to route packets between subnets.</P><P></P><P>~Rohit</P></BODY></HTML> Mon, 20 Aug 2007 23:06:11 GMT https://community.cisco.com/t5/network-security/transparent-firewall/m-p/812649#M964750 rochopra 2007-08-20T23:06:11Z https://community.cisco.com/t5/network-security/transparent-firewall/m-p/812650#M964751 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>In answer to your question yes you have 2 vlans but only one IP subnet. This setup is also used on other devices such as load balancers. </P><P></P><P>The reason you need to do this is to avoid a spanning-tree loop. Assuming you are running PVST+ then having 2 vlans but only one subnet allows you to bridge the subnet with the FWSM.</P><P></P><P>HTH</P><P></P><P>Jon</P></BODY></HTML> Tue, 21 Aug 2007 05:57:51 GMT https://community.cisco.com/t5/network-security/transparent-firewall/m-p/812650#M964751 Jon Marshall 2007-08-21T05:57:51Z