-
Notifications
You must be signed in to change notification settings - Fork 1
Firewall
FeIix edited this page May 10, 2026
·
18 revisions
| ASA Deployment Mode | ASA Interface Mode | Security Context Modes |
|---|---|---|
| Routed | Routed | Single- or Multiple-context |
| Transparent | Switched (BVI) | Single- or Multiple-context |
A multiple-context mode allows a single physical ASA to be partitioned into multiple isolated virtual devices.
.------- Inside
61.202.20.2 / 192.168.0.0/24
Internet -------Outside-- ( ASA )
\ 10.10.0.0/24
`------- DMZ
61.202.20.2 192.168.0.0/24
Internet --------Outside-- ( Router ) ---Inside--- ( ASA ) --- Hosts
| FTD Interface Mode | FTD Deployment Mode | Description | Traffic can be dropped |
|---|---|---|---|
| Routed | Routed | Full LINA engine and Snort-engine checks | Yes |
| Switched (BVI) | Transparent | Full LINA engine and Snort-engine checks | Yes |
| Inline Pair | Routed or Transparent | Partial LINA engine and full Snort-engine checks | Yes |
| Inline Pair with Tap | Routed or Transparent | Partial LINA engine and full Snort-engine checks | No |
| Passive | Routed or Transparent | Partial LINA engine and full Snort-engine checks | No |
| Passive (ERSPAN) | Routed | Partial LINA engine and full Snort-engine checks | No |
LINA engine is a firewall engine.
Encapsulated Remote SPAN (ERSPAN) uses GRE to tunnel mirrored traffic across Layer 3 boundaries from remote switches.