Definition of transparent mode for the firewall
Transparent mode is a common deployment mode for the firewall.
In this mode the service interfaces of the device work at Layer 2 (data link layer) and forward Layer 2 packets. The device therefore behaves like a switch: once it is inserted in front of the existing gateway device, it can inspect and protect the traffic without any change to the original network topology or addressing. This is why the deployment mode is called "transparent mode".

Other related questions:
Firewall working mode of an AR router
To improve the networking flexibility of the firewall, the working mode is defined per interface rather than for the router as a whole. The working mode of interfaces is defined as routing mode. When the router sits between an internal network and an external network, the firewall assigns IP addresses from different segments to the interface facing the internal network and the interface facing the external network, and the original topology is re-planned accordingly.

Example topology: PC (internal network: trust) - AR (with embedded firewall) - (external network: untrust) PC

Two security zones are planned: the trust zone and the untrust zone. The interface in the trust zone connects to the internal network, and the interface in the untrust zone connects to the external network. Note that the trust-zone and untrust-zone interfaces are on two different subnets.

When packets are forwarded between interfaces of Layer 3 zones, the router looks up the routing table based on the IP addresses of the packets. Unlike an ordinary router, the AR router then processes the IP packets further: it checks the session table or the ACL to decide whether the packets are released, and the firewall additionally performs other attack defense checks.

Whether the firewall supports transparent mode
The USG2000&5000&6000 support transparent mode.

Whether the firewall supports source NAT in transparent mode (service interfaces working in switching mode)
Yes. However, the post-NAT source address must be taken from an address pool; the address of an outbound interface cannot be used, because an interface working in switching mode has no IP address of its own.

Definitions of the DMZ on the firewall
The term DMZ (demilitarized zone) comes from the military, where it denotes a buffer zone between a military area and a public area. A DMZ zone configured on a firewall is logically and physically separated from both the internal and the external network. Devices that provide network services to external users, such as WWW and FTP servers, are deployed in the DMZ zone. If these servers were placed on the external network they would be exposed to direct attack; if they were placed on the internal network, a vulnerability in one of them could give an external attacker a way into the internal network. The DMZ zone exists to resolve exactly this dilemma.
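To make the processing order described in the routing-mode answer above concrete (egress lookup, then session table, then inter-zone policy with an implicit deny), and to show how transparent mode and a DMZ zone fit into the same pipeline, here is a small toy model written for this page. It is an added illustration, not Huawei code, and everything in it is constructed: the interface names (GE1/0/1 to GE1/0/3), the zones, the addresses, the VLAN assignment and the two policy rules. Transparent mode differs from routing mode only in the egress step, where the MAC table of the VLAN replaces the routing table, so the firewall needs no IP addresses or routes at all and both sides of it can share one subnet.

```python
"""Toy model of a zone-based firewall forwarding pipeline (added example, not vendor code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    in_iface: str
    src_mac: str
    dst_mac: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    action: str                  # "permit" or "deny"
    dport: Optional[int] = None  # None matches any destination port


class Firewall:
    def __init__(self, mode, iface_zone, rules, routes=(), vlan_of=None):
        assert mode in ("routing", "transparent")
        self.mode = mode
        self.iface_zone = iface_zone                      # interface -> security zone
        self.rules = list(rules)                          # ordered, first match wins
        self.routes = [(ipaddress.ip_network(n), i) for n, i in routes]
        self.vlan_of = dict(vlan_of or {})                # interface -> VLAN (transparent mode only)
        self.mac_table = {}                               # (vlan, mac) -> interface, learned dynamically
        self.sessions = set()                             # (src, sport, dst, dport, proto)

    def _egress(self, pkt):
        """Step 1: choose the outbound interface; the only step that depends on the mode."""
        if self.mode == "routing":
            dst = ipaddress.ip_address(pkt.dst)
            matches = [(net, i) for net, i in self.routes if dst in net]
            if not matches:
                return None
            return max(matches, key=lambda m: m[0].prefixlen)[1]   # longest prefix wins
        # transparent mode: act as a switch, learn the source MAC, forward by destination MAC
        vlan = self.vlan_of[pkt.in_iface]
        self.mac_table[(vlan, pkt.src_mac)] = pkt.in_iface
        known = self.mac_table.get((vlan, pkt.dst_mac))
        if known:
            return known
        # unknown destination MAC: a switch floods inside the VLAN; with two ports
        # per VLAN that simply means "the other port"
        others = [i for i, v in self.vlan_of.items() if v == vlan and i != pkt.in_iface]
        return others[0] if others else None

    def process(self, pkt):
        """Return (verdict, egress interface, reason) for one packet."""
        out = self._egress(pkt)
        if out is None:
            return ("drop", None, "no route or MAC entry")
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        # Step 2: session table; packets of an established flow skip the policy lookup
        if fwd in self.sessions or rev in self.sessions:
            return ("forward", out, "session")
        # Step 3: inter-zone security policy, implicit deny when nothing matches
        src_zone, dst_zone = self.iface_zone[pkt.in_iface], self.iface_zone[out]
        for r in self.rules:
            if (r.src_zone, r.dst_zone) == (src_zone, dst_zone) and r.dport in (None, pkt.dport):
                if r.action == "permit":
                    self.sessions.add(fwd)       # first permitted packet creates the session
                    return ("forward", out, r.name)
                return ("drop", None, r.name)
        return ("drop", None, "default deny")


# Constructed policy: internal hosts may reach the Internet; the Internet may reach
# only the DMZ web service; everything else (including untrust -> trust) is denied.
RULES = [
    Rule("trust-to-untrust", "trust", "untrust", "permit"),
    Rule("internet-to-dmz-web", "untrust", "dmz", "permit", dport=80),
]


def routing_mode_demo():
    """Routing mode: each zone on its own subnet, egress chosen from the routing table."""
    fw = Firewall("routing",
                  iface_zone={"GE1/0/1": "trust", "GE1/0/2": "untrust", "GE1/0/3": "dmz"},
                  rules=RULES,
                  routes=[("192.168.1.0/24", "GE1/0/1"), ("10.1.1.0/24", "GE1/0/3"),
                          ("0.0.0.0/0", "GE1/0/2")])
    pc, web, ext = "192.168.1.10", "10.1.1.10", "198.51.100.7"
    return [
        fw.process(Packet("GE1/0/1", "m-pc", "m-fw", pc, 40000, "203.0.113.5", 443)),   # outbound
        fw.process(Packet("GE1/0/2", "m-gw", "m-fw", "203.0.113.5", 443, pc, 40000)),   # reply
        fw.process(Packet("GE1/0/2", "m-gw", "m-fw", ext, 5000, web, 80)),              # to DMZ web
        fw.process(Packet("GE1/0/2", "m-gw", "m-fw", ext, 5001, pc, 445)),              # to internal
    ]


def transparent_mode_demo():
    """Transparent mode: no routes, both interfaces in VLAN 10, hosts share 192.168.1.0/24."""
    fw = Firewall("transparent",
                  iface_zone={"GE1/0/1": "trust", "GE1/0/2": "untrust"},
                  rules=RULES,
                  vlan_of={"GE1/0/1": 10, "GE1/0/2": 10})
    pc = "192.168.1.10"
    return [
        fw.process(Packet("GE1/0/1", "aa:aa", "bb:bb", pc, 40000, "203.0.113.5", 443)),
        fw.process(Packet("GE1/0/2", "bb:bb", "aa:aa", "203.0.113.5", 443, pc, 40000)),
        fw.process(Packet("GE1/0/2", "cc:cc", "aa:aa", "198.51.100.7", 5001, pc, 445)),
    ]


if __name__ == "__main__":
    for verdict in routing_mode_demo() + transparent_mode_demo():
        print(verdict)
```

Running the two demos shows the reply packet being forwarded on the session entry without a policy lookup in both modes, the unsolicited untrust-to-trust packet hitting the implicit deny in both modes, and the transparent-mode firewall reaching the same verdicts without a single route or IP address configured on it.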

Whether USG2000&5000 series virtual firewalls support transparent mode
Yes. The virtual firewall supports transparent mode. You can bind each virtual firewall in transparent mode to its own VLAN, which isolates hosts that share the same network segment.
