
Firewall

FeIix edited this page May 3, 2026 · 18 revisions

Cisco ASA and FTD

Adaptive Security Appliance (ASA)

| ASA Deployment Mode | ASA Interface Mode |
|---------------------|--------------------|
| Routed              | Routed             |
| Transparent         | Switched (BVI)     |

Routed Deployment

                                 .------- Inside
                61.202.20.2     /      192.168.0.0/24
 Internet -------Outside-- ( ASA ) 
                                \      10.10.0.0/24
                                 `------- DMZ

Transparent Deployment

                61.202.20.2                    192.168.0.0/24
 Internet --------Outside-- ( Router ) ---Inside--- ( ASA ) --- Hosts

Firepower Threat Defense (FTD)

| FTD Interface Mode   | FTD Deployment Mode   | Description                                      | Traffic can be dropped |
|----------------------|-----------------------|--------------------------------------------------|------------------------|
| Routed               | Routed                | Full LINA engine and Snort-engine checks         | Yes                    |
| Switched (BVI)       | Transparent           | Full LINA engine and Snort-engine checks         | Yes                    |
| Inline Pair          | Routed or Transparent | Partial LINA engine and full Snort-engine checks | Yes                    |
| Inline Pair with Tap | Routed or Transparent | Partial LINA engine and full Snort-engine checks | No                     |
| Passive              | Routed or Transparent | Partial LINA engine and full Snort-engine checks | No                     |
| Passive (ERSPAN)     | Routed                | Partial LINA engine and full Snort-engine checks | No                     |

The LINA engine is a firewall engine.
Encapsulated Remote SPAN (ERSPAN) uses GRE to tunnel mirrored traffic across Layer 3 boundaries from remote switches.
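What a receiver of ERSPAN traffic has to undo before inspecting the mirrored frame, as an added example that is not part of the original page. It assumes ERSPAN Type II (GRE protocol type 0x88BE, a GRE sequence number and an 8-byte ERSPAN header); the function name `decap_erspan` and the sample packet are constructed for illustration.

```python
import struct

GRE_PROTO_ERSPAN = 0x88BE  # GRE protocol type used by ERSPAN Type I/II

def decap_erspan(gre: bytes) -> dict:
    """Strip GRE + ERSPAN Type II headers from the bytes following the outer IP header."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", gre, 0)
    if flags & 0x4007:  # routing bit or non-zero GRE version
        raise ValueError("unsupported GRE header")
    if proto != GRE_PROTO_ERSPAN:
        raise ValueError(f"not ERSPAN: GRE protocol 0x{proto:04x}")
    if not flags & 0x1000:  # Type II always carries a GRE sequence number
        raise ValueError("no sequence number: ERSPAN Type I is not handled here")
    off = 4
    off += 4 if flags & 0x8000 else 0  # optional checksum + reserved
    off += 4 if flags & 0x2000 else 0  # optional key
    if len(gre) < off + 12:
        raise ValueError("truncated ERSPAN header")
    seq, w1, w2 = struct.unpack_from("!III", gre, off)
    if w1 >> 28 != 1:
        raise ValueError("ERSPAN header version is not Type II")
    return {
        "sequence": seq,                  # GRE sequence number (gaps = lost mirror packets)
        "vlan": (w1 >> 16) & 0x0FFF,      # VLAN of the mirrored frame
        "truncated": bool(w1 & 0x0400),   # T bit: frame was cut short by the source
        "session_id": w1 & 0x03FF,        # ERSPAN session on the source switch
        "index": w2 & 0xFFFFF,            # source port index
        "frame": gre[off + 12:],          # original mirrored Ethernet frame
    }

# Constructed sample: session 5, VLAN 100, sequence 7, port index 3.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"mirrored payload"
SAMPLE_GRE = struct.pack("!HHIII", 0x1000, GRE_PROTO_ERSPAN, 7,
                         (1 << 28) | (100 << 16) | 5, 3) + SAMPLE_FRAME

if __name__ == "__main__":
    info = decap_erspan(SAMPLE_GRE)
    print(info["session_id"], info["vlan"], info["sequence"], len(info["frame"]))
```

Because the mirrored frame is only a copy carried inside the tunnel, a sensor fed this way can inspect it but cannot drop the original traffic, which matches the "No" in the Passive (ERSPAN) row.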
