Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
463
Views
5
Helpful
3
Replies

Firewall mode of operation

Go to solution
Serpent2010
Level 1
Level 1

‎06-22-2016 07:26 AM - edited ‎03-12-2019 12:55 AM

Hi,

My question sounds to be a fundamental question, however, I am looking for the expert advise.

It is known that Transparent Firewall will be faster (no IP address) but less protection on other hand Static/Dynamic packet filtering, Application-layer, or Circuit-level will be slower but more protection.

Based on these facts, I would like to get an advise which mode is preferred considering security is higher priority than complexity (creating an internal subnet(s)).

Please, I will need to know what I will gain/loss with each mode configuration.

Thanks,   

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
ankojha
Level 3
Level 3

‎06-22-2016 08:16 AM

Hi,

As per your query, there is no preferred mode but it all depends on how your deployment 

is going to be. There are some features which are not supported in transparent mode

but it has advantage in the sense that it doesn't changes your existing network if deployed in the network. You can follow the below document to check features which you need to prefer according to your requirement :

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/intro-fw.html

rate if it Helps.

Thanks,

Ankita

View solution in original post

3 Replies 3

Go to solution
ankojha
Level 3
Level 3

‎06-22-2016 08:16 AM

Hi,

As per your query, there is no preferred mode but it all depends on how your deployment 

is going to be. There are some features which are not supported in transparent mode

but it has advantage in the sense that it doesn't changes your existing network if deployed in the network. You can follow the below document to check features which you need to prefer according to your requirement :

http://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/general/asa-general-cli/intro-fw.html

rate if it Helps.

Thanks,

Ankita

Go to solution
Serpent2010
Level 1
Level 1
In response to ankojha

‎06-22-2016 03:40 PM

Thank you for your reply.

But how about if I have on two different physical interfaces two different inside subnets (e.x.172.x.x.x & 10.x.x.x), would the Transparent mode be bale to handle this scenario?

As I know, in transparent mode all interfaces (insides and outside) shall be on same subnet.  

0 Helpful

Go to solution
ankojha
Level 3
Level 3
In response to Serpent2010

‎06-22-2016 11:17 PM

Hi,

In that case, you don't need transparent mode and can go for routed mode.

Rate if it helps.

Thanks,

Ankita

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card