-
Notifications
You must be signed in to change notification settings - Fork 1
Firewall
FeIix edited this page May 10, 2026
·
18 revisions
ASA supports a multiple context mode which allows a single physical Cisco ASA to be partitioned into multiple virtual devices, known as security contexts.
| ASA Deployment Mode | ASA Interface Mode | Security Modes Supported |
|---|---|---|
| Routed | Routed | Single- and Multiple-context |
| Transparent | Switched (BVI) | Single- and Multiple-context |
.------- Inside
61.202.20.2 / 192.168.0.0/24
Internet -------Outside-- ( ASA )
\ 10.10.0.0/24
`------- DMZ
61.202.20.2 192.168.0.0/24
Internet --------Outside-- ( Router ) ---Inside--- ( ASA ) --- Hosts
| FTD Interface Mode | FTD Deployment Mode | Description | Traffic can be dropped |
|---|---|---|---|
| Routed | Routed | Full LINA engine and Snort-engine checks | Yes |
| Switched (BVI) | Transparent | Full LINA engine and Snort-engine checks | Yes |
| Inline Pair | Routed or Transparent | Partial LINA engine and full Snort-engine checks | Yes |
| Inline Pair with Tap | Routed or Transparent | Partial LINA engine and full Snort-engine checks | No |
| Passive | Routed or Transparent | Partial LINA engine and full Snort-engine checks | No |
| Passive (ERSPAN) | Routed | Partial LINA engine and full Snort-engine checks | No |
LINA engine is a firewall engine.
Encapsulated Remote SPAN (ERSPAN) uses GRE to tunnel mirrored traffic across Layer 3 boundaries from remote switches.