Routed vs Transparent Mode Flashcards
What is the primary function of Routed Mode in a firewall?
Routed Mode acts as a Layer 3 device, routing traffic between different subnets and allowing NAT and dynamic routing protocols.
What is the primary function of Transparent Mode in a firewall?
Transparent Mode acts as a Layer 2 bridge, filtering traffic without requiring changes to the existing IP addressing scheme.
Which command is used to check the routing table in Routed Mode?
show route
- Displays the active routes used by the firewall.
Which command shows the interfaces assigned to a Bridge Group in Transparent Mode?
show bridge group
- Lists the interfaces participating in a bridge group.
What is a major limitation of Transparent Mode compared to Routed Mode?
Transparent Mode does not support dynamic routing protocols like OSPF or BGP.
What is an advantage of Transparent Mode when deploying a firewall?
It allows firewall implementation without modifying IP addressing, making it easier to integrate into existing networks.
Which feature is supported in Routed Mode but NOT in Transparent Mode?
Multicast forwarding and CDP (Cisco Discovery Protocol) support.
Which troubleshooting command is useful for checking MAC address forwarding in Transparent Mode?
show mac address-table
- Displays MAC addresses learned by the firewall.
What happens to traffic in Routed Mode when passing through a firewall?
The firewall modifies the packet’s source or destination IP depending on NAT and security policies.
Why is High Availability (HA) easier to manage in Transparent Mode?
Transparent Mode does not require route synchronization, making failover faster and simpler.
How does Transparent Mode handle MAC-based forwarding and ARP?
Transparent Mode relies on MAC addresses to forward traffic within a bridge group and uses ARP to resolve IP-to-MAC mappings.
What should you check if NAT is not working in Routed Mode?
Use show nat detail to verify NAT rules and packet-tracer input to simulate and debug traffic processing.
What happens during a failover in HA for both Routed and Transparent Mode?
In Routed Mode, routes and NAT entries need to be synchronized. In Transparent Mode, only session tables and MAC tables are replicated.
How does VLAN tagging work in Transparent Mode?
VLAN tags are preserved as traffic passes through the firewall, allowing segmentation without requiring routing.
What happens if ARP entries are missing in Transparent Mode?
Traffic may be dropped or delayed since the firewall cannot forward packets without resolving the destination MAC address. Use show arp to check.
How does switching from Transparent to Routed Mode affect OSPF?
OSPF can now be enabled, requiring IP subnetting and route advertisements, which are not needed in Transparent Mode.
Why does Transparent Mode drop CDP packets by default?
CDP is a Layer 2 protocol, and Transparent Mode does not forward Layer 2 discovery protocols like CDP, LLDP, or STP.
What is the first step to allowing remote management in Transparent Mode?
Assign an IP address to the Bridge Virtual Interface (BVI) and configure management access policies.
Why is NAT sometimes needed in Transparent Mode?
While Transparent Mode does not perform full NAT like Routed Mode, it may require NAT for outbound traffic translation to allow internet access.
What happens if an FTD firewall in Transparent Mode is missing a properly configured BVI?
Traffic may be dropped, and ARP requests may not be processed correctly, leading to communication failures.
What is the main reason failover is faster in Transparent Mode compared to Routed Mode?
Transparent Mode does not require routing table synchronization, reducing the time needed for a successful failover.
Why does Transparent Mode not require a default route for internet access?
Transparent Mode operates at Layer 2 and does not use a routing table, so a default route is unnecessary.