About Transparent Firewalls

Notes:

  • Any time the Layer 3 devices are updated, the behavior models and routes for the Layer 2 devices between them need to be rebuilt, and the Layer 2 inherited routes need to be refreshed from the adjacent Layer 3 devices.

  • Unlike the unmerging operation, where interfaces are removed from a network segment, removing a Layer 2 device from the chain means removing each of its associated interfaces from the surrounding network segments and then merging those network segments. Once all the interfaces and pairs are removed from the network tap group, the original network segment between them is restored.

  • Layer 2 configured devices do not have a normalized IP address interface, so they have no assigned routes.

Supported Layer 2 Devices

Server-side code changes have been introduced for a new Interface flag setting, transparentMode. Device Packs have been updated to use this setting when normalizing device interfaces for firewalls that are running in Layer 2/transparent mode.

  • Palo Alto Firewall and VSYS

  • Cisco ASA and ASA Context

  • Fortinet FortiGate Firewall and VDOM