Transparent firewall on an 871

saintjon856 · ‎03-06-2008

I have a frame connection to a class C network and want to segregate the traffic into four categories to be plugged into fa0 through fa3. I assigned an IP to fa4 and put vlan1 in switchport access mode with no ip but that does not allow firewalling unless I assign an ip to one more interface.

Is it possible to set an 871 between the edge router and the network without changing any net configs in the class C and still be able to firewall between the edge and the three interfaces?

didyap · ‎03-12-2008

Yes, you can configure an 871 as a transparent firewall. You will need to:

"Configure a Bridge Group (required)

"Configure Inspection and ACLs (required)

"Forward DHCP Traffic (optional)

"Monitor Transparent Firewall Events (optional)

Following link may help you

http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/h_trans.html

saintjon856 · ‎03-13-2008

adding the ip to the bridge group and specifying the route was what I was missing, thank you for pointing me to the doc, it was exactly what I needed.

saintjon856 · ‎03-13-2008

But one more question.

If you wanted to utilize the sdm to configure firewall rules, you are required to add a second ip address. the two addresses are not allowed to overlap yet both must be on the same subnet to pick up the traffic?