Transparent Mode Quick Facts
This document contains a basic description of the layer 2 firewall functionality offered by
the Nokia Security Appliance. This is NOT a step-by-step configuration guide. The main
goal of this document is to complement the FAQ document located on the Nokia Support
Website and to provide additional information to users who are considering deploying the
technology.
1) What is Transparent Mode used for?
Answer: Transparent Mode allows the Nokia Security Appliance to act as a “layer two”
firewall (also known as a bridging firewall).
The example below illustrates how a Nokia Appliance running Check Point Firewall-1
can be dropped into an existing segment (with two interfaces configured in transparent
mode) without the need to re-address any device in that segment.
Before deploying a Nokia Firewall in layer 2 mode:
[Figure: Internet connected to a segment containing the devices 198.6.1.10/24 and 198.6.1.20/24]
After deploying a Nokia firewall in layer 2 mode:
[Figure: the same segment with the Nokia firewall (198.6.1.12/24) dropped in; the devices 198.6.1.10/24 and 198.6.1.20/24 keep their addresses]
Note: In the example above, both of the interfaces configured in transparent mode (in this
case, interfaces eth2 and eth4) share a single IP address (in this case 198.6.1.12/24).
When configuring the firewall object topology in Check Point's SmartCenter
(illustration shown below), we will only see one of the two interfaces configured in
transparent mode (eth2 in this example) and only the one IP address assigned to that
transparent group.
As shown below in the topology screen, we can assign IP addresses to any of the other
interfaces. The other interfaces behave normally and route traffic based on layer three
data. Check Point is not aware that some of the packets are being forwarded based on
layer two decisions; the whole process is transparent to FW-1.
2) Can a Nokia Appliance running transparent mode work as a layer three firewall?
Answer: Yes. Some interfaces can be configured in transparent mode while others are
configured “normally”. Traffic between transparent mode interfaces will be inspected at
layer two while traffic between normal interfaces (or between transparent and normal
interfaces) will be inspected at layer three. This can occur simultaneously.
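The forwarding split described in questions 1 and 2 can be modelled in a few lines. This is an added illustration, not Nokia or Check Point code: it uses the document's eth2/eth4 transparent group on 198.6.1.0/24 and assumes an extra normal interface eth1 with a 10.0.0.0/24 segment. Traffic inside the group is switched on MAC addresses with headers untouched; anything else takes the routed, layer-three path.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed topology following the document's example: eth2 and eth4 form one
# transparent group sharing 198.6.1.12/24. eth1 and its 10.0.0.0/24 segment are
# assumed here to show a normal (routed) interface alongside the group.
TRANSPARENT_GROUP = {"eth2", "eth4"}
BRIDGED_NET = ipaddress.ip_network("198.6.1.0/24")
ROUTES = {ipaddress.ip_network("10.0.0.0/24"): "eth1", BRIDGED_NET: "eth2"}  # group seen as eth2

@dataclass(frozen=True)
class Packet:
    in_if: str
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    ttl: int

class MixedModeFirewall:
    """Models only which forwarding path a packet takes, not the rule base."""

    def __init__(self):
        self.mac_table = {}  # learned source MAC -> transparent interface

    def forward(self, pkt):
        """Return (path, egress interfaces, packet as it leaves the box)."""
        in_transparent = pkt.in_if in TRANSPARENT_GROUP
        if in_transparent:
            self.mac_table[pkt.src_mac] = pkt.in_if  # learning-bridge behaviour
        dst = ipaddress.ip_address(pkt.dst_ip)
        if in_transparent and dst in BRIDGED_NET:
            # Layer-2 path: forwarded inside the group on MAC address alone.
            # Headers stay untouched: no TTL decrement and no NAT.
            learned = self.mac_table.get(pkt.dst_mac)
            if learned is None:
                out_ifs = sorted(TRANSPARENT_GROUP - {pkt.in_if})  # unknown: flood
            elif learned == pkt.in_if:
                out_ifs = []  # destination sits behind the ingress port: filter
            else:
                out_ifs = [learned]
            return ("L2", out_ifs, pkt)
        # Layer-3 path: routed like a normal interface, so TTL is decremented.
        if pkt.ttl <= 1:
            return ("drop", [], pkt)
        for net, out_if in ROUTES.items():
            if dst in net:
                return ("L3", [out_if], replace(pkt, ttl=pkt.ttl - 1))
        return ("drop", [], pkt)
```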
3) What Nokia features are supported on transparent mode interfaces?
Answer: Firewall Stateful Inspection, VPNs, VLANs, Dynamic Routing, SecureXL/Flows,
VRRP HA, Check Point Security Servers, IPv6.
4) What features are not supported?
Answer: Transparent mode ports cannot be clustered. VSX, Floodgate, NAT, and Spanning
Tree or loop detection are not supported. Transparent mode is limited to Ethernet
interfaces (10/100/1000).