Transparent Firewall
by admin on Aug.02, 2006, under Firewalls, Networking
I am currently looking into putting additional security onto a network by adding a firewall in place of an ACL. This network carries a large volume of traffic and is quite complex, so putting in a firewall the normal way would be no easy task. The network is run on a 7600 series router, which gives me an additional option when it comes to firewalls: the Cisco Firewall Services Module (WS-SVC-FWM-1-K9=). This module has two main modes, routed mode and transparent mode.

Routed mode is the conventional firewall mode: each interface gets its own IP address, and traffic is routed (and possibly NATed) through the firewall. Putting a firewall in where there was none then means new subnets, new default gateways and, in practice, a network redesign.

Transparent mode, on the other hand, allows a "bump in the wire" install: the module bridges all traffic between two VLANs, so you keep your current network design. You don't change any of your NATing on the router or the default gateways on your networks, because the same IP subnet sits on both sides of the firewall. Bridges are normally layer 2 only, but the firewall is designed to enforce your layer 3 (and layer 4) restrictions on the bridged traffic: access lists still match on IP addresses, protocols and ports, and the firewall is still stateful, tracking each session the same way it does in routed mode. The main things you lose in this mode are that the module itself can't NAT and can't route; routing stays on the 7600. Two practical points follow from the bridging design: the firewall still needs a management IP address in the bridged subnet, and traffic that is neither IP nor ARP (spanning-tree BPDUs, for example) is dropped unless an EtherType access list permits it. Feature support in transparent mode also varies between FWSM software releases, so check the release notes for the version you run.
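As an added example (not configuration from the original post or from Cisco's documentation), here is what a minimal transparent-mode deployment of the module looks like. The slot number, VLAN IDs, addresses and ACL names are assumptions, and the module-side syntax follows the FWSM 3.x style; the important point it shows is that the subnet and the gateway address stay the same, only the router's SVI moves to the outside VLAN while the hosts stay on the inside VLAN behind the firewall.

```cisco
! --- On the 7600 supervisor (IOS): hand VLANs 10 and 20 to the FWSM in slot 3 ---
! (slot number, VLAN IDs and addresses are assumptions for this example)
firewall vlan-group 1 10,20
firewall module 3 vlan-group 1
!
! The router keeps the gateway address it already had for this subnet, but the
! SVI now lives on the "outside" VLAN 10; hosts stay on VLAN 20 behind the firewall.
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
!
! --- On the FWSM itself (single context, FWSM 3.x syntax) ---
firewall transparent
!
interface Vlan10
 nameif outside
 security-level 0
!
interface Vlan20
 nameif inside
 security-level 100
!
! Transparent mode still needs one management address, in the bridged subnet.
ip address 192.168.1.2 255.255.255.0
!
! Layer 3/4 policy is enforced on the bridged traffic exactly as in routed mode.
! This replaces the router ACL with a stateful policy: only HTTP to the web
! server is allowed inbound; return traffic is matched by the connection table.
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.50 eq www
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Only IP and ARP cross the bridge by default. If switches on either side must
! see each other's spanning-tree BPDUs, permit them explicitly with an
! EtherType ACL (one can be applied per interface alongside the extended ACL).
access-list ETHERTYPE ethertype permit bpdu
access-group ETHERTYPE in interface inside
access-group ETHERTYPE in interface outside
```

After applying this, `show firewall` on the module should report transparent mode, and `show conn` shows the per-session state table that a plain router ACL never had; if hosts on VLAN 20 can no longer reach their gateway, the usual culprits are the SVI still being on the inside VLAN or the management address not being in the bridged subnet.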
More info on this if I end up putting this in place.