Transparent Firewall

Unanswered Question
Jun 2nd, 2007

Hi

Can anyone easily describe how a Cisco PIX works as a transparent firewall, and what it is?

Thanks

biplob

Jon Marshall Sun, 06/03/2007 - 00:15

Hi

When a pix firewall is in transparent mode it is basically "seen" as a layer 2 device rather than a layer 3 device. An explanation should help.

routerA -> Pix -> routerB

If the pix is in "normal" routed mode then the 2 routers do not see each other as neighbours. The IP addressing for the above would look something like

routerA (192.168.1.1) -> (192.168.1.2) Pix (172.16.5.2) -> (172.16.5.1) routerB

So packets being sent from routerA to routerB would be forwarded to the pix inside interface ie 192.168.1.2. The pix would then do a route lookup for the destination IP address and then forward the packet out of its outside interface ie 172.16.5.2 to routerB.

That's routed mode. Now when the pix is in transparent mode you still get the same layout

routerA -> Pix -> routerB

but the addressing has changed

routerA (192.168.1.1) -> Pix -> (192.168.1.2) routerB

Note that the 2 routers are on the same subnet. If the routers were running EIGRP or OSPF they would form a neighbourship with each other, providing you allow that traffic through with an access-list. And this is an important point: even though the firewall is in transparent mode you can still allow access based on the source and destination IP addresses. The only traffic allowed through the firewall in transparent mode without an access-list is ARP traffic.

Hope this has answered your question

Jon

iqbalkhan Sun, 06/03/2007 - 22:27

Hi

Great! Now it is as clear to me as water. It is clear how a transparent PIX works.

But my question is: if in transparent mode the PIX only works as a layer 2 device and only with ACLs,

is that the only thing I can use the PIX for? Without the PIX I can serve the same purpose by applying an ACL in the router.

So is a transparent mode PIX useful in a practical environment?

Thanks

Biplob

Jon Marshall Mon, 06/04/2007 - 02:54

Hi Biplob

It's a little unclear what you mean but I'll try and answer your question. Please let me know if I have misunderstood.

Even though the pix in transparent mode is seen as a layer 2 device it can still block traffic based on layer 3/4 information ie. IP addresses and port numbers. In a practical environment there are a number of uses:

1) If you needed 2 routers to be able to establish a neighbourship with each other (see previous post)

2) A transparent firewall can be harder to detect for a hacker than a routed firewall as it is just a "bump in the wire" rather than an IP endpoint. Again see previous post for IP addressing to understand this more.

3) It is easier to insert a transparent firewall into an existing production environment as it needs no readdressing on the clients or servers, since it is working at layer 2.

4) It can also be used when you need to pass non-IP protocols.

HTH

Jon
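As an added example that is not part of the thread, this is how the second topology in Jon's first reply (routerA 192.168.1.1 and routerB 192.168.1.2 bridged by the PIX) would be configured on PIX 7.x software in transparent mode, covering points 1) and 4) above. The interface numbering, the access-list names, the choice of OSPF and the management address 192.168.1.10 are assumptions.

```cisco
! Added example (not from the thread): PIX 7.x bridging routerA (192.168.1.1)
! and routerB (192.168.1.2) on one subnet. Names and addresses are assumed.
firewall transparent
!
interface Ethernet0
 nameif outside
 security-level 0
 no shutdown
interface Ethernet1
 nameif inside
 security-level 100
 no shutdown
!
! In transparent mode the interfaces carry no IP addresses; the single
! management address lives on the bridged subnet and is set globally.
! 192.168.1.10 is an assumed, otherwise unused address in that subnet.
ip address 192.168.1.10 255.255.255.0
!
! Layer 3/4 filtering still applies. Only ARP passes without an
! access-list, so the routing protocol must be permitted explicitly.
! OSPF hellos go to 224.0.0.5/224.0.0.6 and database exchange is unicast
! between the two routers, so only those flows are opened, not "any any".
access-list ROUTING extended permit ospf any host 224.0.0.5
access-list ROUTING extended permit ospf any host 224.0.0.6
access-list ROUTING extended permit ospf host 192.168.1.1 host 192.168.1.2
access-list ROUTING extended permit ospf host 192.168.1.2 host 192.168.1.1
! Everything not permitted above is dropped by the implicit deny.
access-group ROUTING in interface inside
access-group ROUTING in interface outside
!
! Non-IP protocols (point 4) are controlled by a separate EtherType
! access-list; here IPX is allowed from the inside as an illustration.
access-list NONIP ethertype permit ipx
access-group NONIP in interface inside
```

Each permit is narrowed to the two routers and the OSPF multicast groups so that only the adjacency, and nothing else on the segment, is opened.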
