02-03-2021 01:47 PM
Hello Guys,
Maybe it will be a banal question, but I don't understand one concept when implementing ASA in transparent mode.
Basically, I don't understand WHY we need to use TWO different VLANs? I can't find any good explanation; I only find information that I need to do this, otherwise it doesn't work... Is it needed to avoid some traffic bypassing the firewall? What happens if I set the same VLAN?
Please explain it to me because I can't understand that topic...
02-03-2021 02:01 PM
As per my understanding and my notes:
The ASA uses bridge groups for transparent firewall configurations. Bridge groups require distinct interfaces, which include the VLAN tag.
Each interface is a broadcast domain.
ASA performs secure transparent bridging between two broadcast domains.
If you don't want multiple firewall contexts to share the same physical interface on the ASA, you can simply put two physical interfaces (using their untagged native vlan) in the same bridge group.
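The two layouts described above (tagged subinterfaces on one physical port, or two untagged physical ports) as an added ASA configuration example; this is not configuration from the post, and the VLAN IDs (10/20), the 192.0.2.0/24 addressing and the host addresses are assumptions chosen for illustration:

```text
! --- Layout 1: one physical port, two VLAN subinterfaces in one bridge group ---
! The switch port facing Gi0/0 is a trunk carrying VLANs 10 and 20.
! Hosts on the "inside" sit in VLAN 20, the default gateway router in VLAN 10.
! Both VLANs share the SAME IP subnet (192.0.2.0/24); the ASA bridges them.
firewall transparent
!
interface GigabitEthernet0/0
 no nameif
 no security-level
 no shutdown
!
interface GigabitEthernet0/0.10
 vlan 10
 nameif outside
 bridge-group 1
 security-level 0
!
interface GigabitEthernet0/0.20
 vlan 20
 nameif inside
 bridge-group 1
 security-level 100
!
! Management address for the bridge group (assumed), in the bridged subnet
interface BVI1
 ip address 192.0.2.10 255.255.255.0
!
! Only permit what the policy allows from outside to inside (assumed host)
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.50 eq 443
access-group OUTSIDE_IN in interface outside
!
! --- Layout 2: two physical ports, untagged, same bridge group ---
! Here each ASA port is an access port in its own switch VLAN
! (Gi0/1 in VLAN 10, Gi0/2 in VLAN 20), so no subinterfaces are needed.
interface GigabitEthernet0/1
 nameif outside
 bridge-group 2
 security-level 0
 no shutdown
!
interface GigabitEthernet0/2
 nameif inside
 bridge-group 2
 security-level 100
 no shutdown
!
interface BVI2
 ip address 192.0.2.11 255.255.255.0
```

The point of the two VLANs is visible in the layout: the switch will not forward frames between VLAN 10 and VLAN 20 on its own, so a frame from an inside host to the gateway can only reach VLAN 10 by passing through the ASA's bridge group, where the access lists and inspection apply. If both ASA interfaces were in the same VLAN, the switch would already be one broadcast domain and could forward inside-to-outside frames directly, never touching the firewall. A quick check after configuring is `show bridge-group 1` and `show mac-address-table`, which should list the gateway MAC learned on the outside interface and the host MACs on the inside interface.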
02-03-2021 02:44 PM
...
08-16-2023 06:50 AM
I too have had the same question and spent quite a bit of time trying to understand why it's necessary. I would assume it has something to do with blocking the forwarding of broadcasts beyond the firewall (but wouldn't you want that half the time? Like for DHCP?) I don't understand why it's noted everywhere that the interfaces "must" be in different VLANs as I have seen numerous cases where the "inside" and "outside" interfaces are in the same VLAN and everything works fine.