06-02-2007 10:51 PM - edited 03-11-2019 03:24 AM
Hi
Can anyone easily describe how a Cisco PIX works as a transparent firewall, and what it is?
Thanks
biplob
06-03-2007 12:15 AM
Hi
When a pix firewall is in transparent mode it is basically "seen" as a layer 2 device rather than a layer 3 device. An explanation should help.
routerA -> Pix -> routerB
If the pix is in "normal" routed mode then the 2 routers do not see each other as neighbours. The IP addressing for the above would look something like:
routerA (192.168.1.1) -> (192.168.1.2) Pix (172.16.5.2) -> (172.16.5.1) routerB
So packets being sent from routerA to routerB would be forwarded to the pix inside interface, i.e. 192.168.1.2. The pix would then do a route lookup for the destination IP address and then forward the packet out of its outside interface, i.e. 172.16.5.2, to routerB.
That's routed mode. Now when the pix is in transparent mode you still get the same layout
routerA -> Pix -> routerB
but the addressing has changed
routerA (192.168.1.1) -> Pix -> (192.168.1.2) routerB
Note that the 2 routers are on the same subnet. If the routers were running EIGRP or OSPF they would form a neighbourship with each other, providing you allow that traffic through with an access-list. And this is an important point: even though the firewall is in transparent mode you can still allow access based on the source and destination IP addresses. The only traffic allowed through the firewall in transparent mode without an access-list is ARP traffic.
Hope this has answered your question
Jon
06-03-2007 10:27 PM
Hi
Great! Now it is clear to me as water. It is clear how a transparent PIX works.
But my question is: if in transparent mode the PIX only works as a layer 2 device and works only with ACLs,
is that the only way I can use the PIX? Without a PIX I can serve the same purpose by applying an ACL on the router.
So is a transparent-mode PIX useful in a practical environment?
Thanks
Biplob
06-04-2007 02:54 AM
Hi Biplob
It's a little unclear what you mean but I'll try and answer your question. Please let me know if I have misunderstood.
Even though the pix in transparent mode is seen as a layer 2 device it can still block traffic based on layer 3/4 information, i.e. IP addresses and port numbers. In a practical environment there are a number of uses:
1) If you needed 2 routers to be able to establish a neighbourship with each other (see previous post)
2) A transparent firewall can be harder to detect for a hacker than a routed firewall as it is just a "bump in the wire" rather than an IP endpoint. Again see previous post for IP addressing to understand this more.
3) It is easier to insert a transparent firewall into an existing production environment as it needs no readdressing on the clients or servers as it is working at layer 2.
4) It can also be used when you need to pass non-IP protocols.
HTH
Jon
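As an added illustration of the points in both of Jon's replies (not from the original posts or from Cisco documentation), here is a transparent-mode configuration for the routerA (192.168.1.1) -> Pix -> (192.168.1.2) routerB layout. It assumes PIX/ASA 7.x syntax, routerA on the inside interface and routerB on the outside, and a management address 192.168.1.3 chosen here as an unused host on the shared subnet; the interface names and access-list names are also assumptions.

```cisco
! Added example: PIX 7.x transparent firewall between two routers on one subnet.
firewall transparent
hostname pix
!
interface Ethernet0
 nameif outside
 security-level 0
 no shutdown
!
interface Ethernet1
 nameif inside
 security-level 100
 no shutdown
!
! In transparent mode the firewall has one management IP on the bridged subnet.
! It is not a next hop for either router (assumed unused address 192.168.1.3).
ip address 192.168.1.3 255.255.255.0
!
! ARP is the only traffic forwarded without an access-list, so the OSPF/EIGRP
! neighbourship between the two routers must be permitted explicitly, in both
! directions, by source and destination IP address (point 1 above).
access-list INSIDE_IN extended permit ospf host 192.168.1.1 host 224.0.0.5
access-list INSIDE_IN extended permit ospf host 192.168.1.1 host 192.168.1.2
access-list INSIDE_IN extended permit eigrp host 192.168.1.1 host 224.0.0.10
access-list INSIDE_IN extended permit eigrp host 192.168.1.1 host 192.168.1.2
access-list INSIDE_IN extended deny ip any any log
access-group INSIDE_IN in interface inside
!
access-list OUTSIDE_IN extended permit ospf host 192.168.1.2 host 224.0.0.5
access-list OUTSIDE_IN extended permit ospf host 192.168.1.2 host 192.168.1.1
access-list OUTSIDE_IN extended permit eigrp host 192.168.1.2 host 224.0.0.10
access-list OUTSIDE_IN extended permit eigrp host 192.168.1.2 host 192.168.1.1
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Non-IP protocols (point 4) are controlled with an EtherType access-list
! rather than an IP one; this permits IPX frames across the bridge.
access-list NONIP ethertype permit ipx
access-group NONIP in interface inside
access-group NONIP in interface outside
```

The explicit deny with logging at the end of each IP list makes anything other than the two routers' routing-protocol traffic visible in the logs, which is the simplest check that the bridge is filtering as intended.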