Firewall
FeIix edited this page May 10, 2026 · 18 revisions

| ASA Deployment Mode | ASA Interface Mode | Security Context Modes |
|---|---|---|
| Routed | Routed | Single- or Multiple-context |
| Transparent | Switched (BVI) | Single- or Multiple-context |

Multiple-context mode allows a single physical ASA to be partitioned into multiple isolated virtual devices.

```
                   61.202.20.2         .------- inside 192.168.0.0/24
INTERNET ----------outside---- ( ASA )
                                       `------- dmz_zone 10.10.0.0/24
```

Functioning like a switch

```
                   61.202.20.2           192.168.0.0/24        .------ HOSTS .11
INTERNET ----------outside--- ( ROUTER ) ---inside---- ( ASA )
                                                               `------ HOSTS .12
```

| FTD Interface Mode | FTD Deployment Mode | Description | Traffic can be dropped |
|---|---|---|---|
| Routed | Routed | Full LINA engine (firewall) and Snort engine (IPS) checks | Yes |
| Switched (BVI) | Transparent | Full LINA engine and Snort engine checks | Yes |
| Inline Pair | Routed or Transparent | Partial LINA engine and full Snort engine checks | Yes |
| Inline Pair with Tap | Routed or Transparent | Partial LINA engine and full Snort engine checks | No |
| Passive | Routed or Transparent | Partial LINA engine and full Snort engine checks | No |
| Passive (ERSPAN) | Routed | Partial LINA engine and full Snort engine checks | No |

Encapsulated Remote SPAN (ERSPAN) uses GRE to tunnel mirrored traffic across Layer 3 boundaries from remote switches.
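
What a Passive (ERSPAN) interface receives, as an added example that is not part of the original page: a Python decoder for the GRE and ERSPAN Type II headers that recovers the mirrored frame and its session metadata. The header layout is taken from the ERSPAN Internet-Draft (draft-foschiano-erspan), not from this page; the function name `parse_erspan` and the sample bytes are constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type used by ERSPAN Type I and II

def parse_erspan(gre_packet: bytes) -> dict:
    """Decode GRE + ERSPAN headers from the payload of an IP protocol 47 packet.

    Hypothetical helper for this example; returns metadata and the mirrored frame.
    """
    if len(gre_packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre_packet, 0)
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError(f"not ERSPAN Type I/II: GRE protocol 0x{proto:04x}")
    off = 4
    if flags & 0x8000:      # C bit: checksum + reserved field present
        off += 4
    if flags & 0x2000:      # K bit: key field present
        off += 4
    if not flags & 0x1000:  # no S bit: Type I, mirrored frame follows GRE directly
        return {"type": 1, "frame": gre_packet[off:]}
    if len(gre_packet) < off + 12:
        raise ValueError("truncated sequence number or ERSPAN header")
    # 4-byte GRE sequence number, then the 8-byte ERSPAN Type II header
    seq, w0, w1 = struct.unpack_from("!III", gre_packet, off)
    if w0 >> 28 != 1:
        raise ValueError("ERSPAN version field is not 1 (Type II)")
    return {
        "type": 2,
        "seq": seq,                       # gaps indicate lost mirror traffic
        "vlan": (w0 >> 16) & 0xFFF,       # VLAN of the mirrored frame
        "cos": (w0 >> 13) & 0x7,
        "truncated": bool(w0 & 0x400),    # T bit: frame was cut short in transit
        "session_id": w0 & 0x3FF,         # ERSPAN session on the source switch
        "index": w1 & 0xFFFFF,
        "frame": gre_packet[off + 12:],   # original Ethernet frame
    }

# Constructed sample: Type II, sequence 7, VLAN 100, session 5, index 3.
INNER_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"demo"
SAMPLE = struct.pack("!HHIII", 0x1000, GRE_PROTO_ERSPAN, 7,
                     (1 << 28) | (100 << 16) | 5, 3) + INNER_FRAME

if __name__ == "__main__":
    info = parse_erspan(SAMPLE)
    print(info["session_id"], info["vlan"], info["seq"], info["frame"].hex())
```
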

Functioning like a wire

```
                   61.202.20.2           192.168.0.0/24
INTERNET ----------outside--- ( ROUTER ) ---inside---- ( FTD/IPS ) ----inside
```