Saturday, December 9, 2017

Cisco Firepower FTD Transparent Bridge mode question

We're replacing an old Tipping Point transparent/bridge IPS. It has legs that sit in-line between our external firewall and LAN core, our WAN gateway and LAN core, and the DMZ and external firewall. It's for layered security.

We're looking at FTD (specifically 2100 series) as a replacement for this old unit, but I'm really confused about the behavior in Transparent/bridge mode.

The documentation says:

The BVI does not support traffic on secondary networks; only traffic on the same network as the BVI IP address is supported.

What exactly does it mean by secondary networks?

The diagram Figure 1 on page 2 of this document might help explain where I'm confused.

In our network, Network A is a /29 subnet with only two hosts: the core and firewall interfaces. Would traffic from Network B (or any of our access subnets/VLANs) routed to the external firewall/internet be inspected or supported?
