PIX 515E Configure In Transparent Mode

Unanswered Question
Jun 13th, 2007


I have Pix515E-R with 16 MB

With IOS 6.3

I want to configute Transparent mode

in my pix , Suggest me what should

I Do.

Thanking You

Dipak Parmar

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (3 ratings)
anandramapathy Wed, 06/13/2007 - 03:07

Before that go through this url

It is important to know what transparent mode can support & what not


The command is

firewall transparent

*** Procedure to configure transparent mode ***

Take a look at the link below for the config


dipak-parmar Wed, 06/13/2007 - 04:10

Thanks for Your support

my IOS can not support

firewall transparent command

Should I have to upgrade My IOS ?

anandramapathy Wed, 06/13/2007 - 04:40

I guess yes

Transparent Firewall Mode

PIX firewalls have always operated on IP packets, where all of the stateful traffic inspection is performed at Layer 3. This is usually called routed mode, where the firewall acts more or less as a router and has IP addresses applied to its own interfaces.

With PIX 7.0, a security appliance can be configured to operate in routed or transparent firewall mode. Transparent mode makes the firewall act more like a Layer 2 bridge, where packets are handled by MAC addresses. Although this prevents the firewall from using IP addresses on its interfaces (except for a single management address), the firewall still inspects traffic using IP addresses and all of the inspection rules youre used to seeing.

Transparent mode has several benefits: without interface IP addresses, the firewall has no detectable presence on the network and malicious users wont be able to find the firewall at all. In addition, the firewall can inspect other non-IP traffic based solely on the EtherType field in the packet headers.

HTH _ please rate all useful Posts

dipak-parmar Wed, 06/13/2007 - 05:06

thanks for this wonderful support,

If I want to upgrade IOS 6.3 to 7.6

is there any hardware configuration changes ?

I have pux515E-R With 16mb RAM


dipak-parmar Mon, 06/18/2007 - 02:57

Dear anandramapathy,

how I use third Port in Transparant Mode

Or I can use only two ports in transparent mode

Thanking you

Dipak Parmar

anandramapathy Mon, 06/18/2007 - 03:32

Third interface is not supported. Check the url below

Transparent mode?In transparent mode the PIX does not have IP addresses

assigned to its interfaces. Instead it acts as a Layer 2 bridge that

maintains a MAC address table and makes forwarding decisions based on that.

The use of full extended IP access lists is still available and the

firewall can inspect IP activity at any layer. In this mode of operation

the PIX is often referred to as a "bump in the wire" or "stealth firewall".

There are other significant differences as to how transparent mode operates

in comparison to routed mode:

Only two interfaces are supported?inside and outside

NAT is not supported or required since the PIX is no longer a hop.



This Discussion