ASA with Transparent Mode Stateful inspection

Answered Question
Oct 7th, 2009

I'm wondering if it is possible for the ASA to do stateful inspection in transparent mode?

As far as I know at the moment it only works as a packet filter?

Thanks

Correct Answer
Collin Clark Wed, 10/07/2009 - 06:41

Yes you can perform application inspection in Transparent mode.

Hope that helps.

rvopel Thu, 10/08/2009 - 03:40

Thanks for the answer.

I want to use the transparent Firewall stateful:

(Answers to outgoing sessions are allowed incoming because the initiation was from inside)

Application Inspection as far as I know works on a higher OSI Level.

Collin Clark Thu, 10/08/2009 - 05:17

Even though the ASA doesn't route the traffic, it can still read and inspect traffic at all 7 layers.

rvopel Thu, 10/08/2009 - 07:59

We want to allow all incoming sessions at the outside interface when they are initiated from the inside.

(Stateful Firewall)

Is this possible in transparent mode?

Application inspection isn't needed.

Collin Clark Thu, 10/08/2009 - 12:38

It should. The stateful firewall and the inspection engine work hand in hand. Even if you don't use the inspection, the firewall should keep track of all connections.

rvopel Fri, 10/09/2009 - 02:11

Thank you! Sounds very good!

We experienced problems with the stateful function in transparent mode.

We got no reply if we have no incoming rule at the outside interface to allow the connection, which was initiated at the inside interface.

Can you please provide a sample configuration which works stateful in transparent mode?

Thanks!!!

rvopel Tue, 10/13/2009 - 07:39

Now we have verified it. The ASA works stateful in Transparent Mode. We tested the stateful function the wrong way all the time.

Thanks for your help!
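Added example, not part of the thread and not Cisco code: a small Python model of the behaviour discussed above, where a reply arriving on the outside interface is matched against the connection table before any inbound rule is consulted. The class and field names, the addresses and the packets are constructed; the model also assumes ICMP is tracked only when ICMP inspection is enabled, which is off in the ASA's default policy.

```python
from dataclasses import dataclass, field

# Constructed toy model of a two-interface stateful bridge, not ASA code.
@dataclass(frozen=True)
class Packet:
    ingress: str  # "inside" or "outside"
    proto: str    # "tcp", "udp" or "icmp"
    src: str
    sport: int    # for ICMP echo requests this carries the echo identifier
    dst: str
    dport: int

    def flow(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reverse_flow(self):
        return (self.proto, self.dst, self.dport, self.src, self.sport)

@dataclass
class StatefulBridge:
    outside_acl: set = field(default_factory=set)  # permitted (proto, dst, dport)
    inspect_icmp: bool = False                     # assumption: off by default
    conns: set = field(default_factory=set)        # (ingress of first packet, flow)

    def handle(self, p):
        other = "outside" if p.ingress == "inside" else "inside"
        # 1. Packet of a tracked connection (either direction): no ACL lookup.
        if (p.ingress, p.flow()) in self.conns or (other, p.reverse_flow()) in self.conns:
            return "permit: existing connection"
        # 2. New flow from the higher-security inside interface: permit and track.
        if p.ingress == "inside":
            if p.proto != "icmp" or self.inspect_icmp:
                self.conns.add((p.ingress, p.flow()))
            return "permit: new inside-initiated flow"
        # 3. New flow from the outside needs an explicit inbound rule.
        if (p.proto, p.dst, p.dport) in self.outside_acl:
            self.conns.add((p.ingress, p.flow()))
            return "permit: outside ACL"
        return "deny: no connection, no rule"

def demo(inspect_icmp=False):
    fw = StatefulBridge(inspect_icmp=inspect_icmp)  # note: empty outside ACL
    packets = [
        Packet("inside", "tcp", "10.0.0.5", 40000, "192.0.2.80", 443),   # SYN out
        Packet("outside", "tcp", "192.0.2.80", 443, "10.0.0.5", 40000),  # reply
        Packet("outside", "tcp", "192.0.2.99", 5555, "10.0.0.5", 22),    # unsolicited
        Packet("inside", "icmp", "10.0.0.5", 7, "192.0.2.80", 0),        # echo request
        Packet("outside", "icmp", "192.0.2.80", 0, "10.0.0.5", 7),       # echo reply
    ]
    return [fw.handle(p) for p in packets]
```

With the empty outside ACL the TCP reply is permitted and the unsolicited TCP packet is denied; the echo reply is denied unless `inspect_icmp` is set, so in this model a ping is not a reliable test of TCP or UDP statefulness.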
