Securing Networks with Cisco Firepower: Bridge-Group Interfaces Features

Bridge-Group Interfaces Features

Question

What are two features of bridge-group interfaces in Cisco FTD? (Choose two.)

Answers

Explanations

A. B. C. D. E.

CD.

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/

Bridge-group interfaces in Cisco Firepower Threat Defense (FTD) are used to bridge traffic between interfaces without the use of routing. Two features of bridge-group interfaces in Cisco FTD are:

B. Bridge groups are supported in both transparent and routed firewall modes. In transparent mode, the firewall inspects traffic without changing the IP address or MAC address of the traffic. In routed mode, the firewall routes traffic between different subnets. In both modes, bridge groups can be used to bridge traffic between interfaces.

A. The BVI IP address must be in a separate subnet from the connected network: The BVI (Bridge Virtual Interface) is a logical interface used to manage the bridge group. The IP address assigned to the BVI must be in a separate subnet from the connected networks to avoid IP conflicts. The BVI IP address is used to manage the bridge group and to receive management traffic, such as Simple Network Management Protocol (SNMP) and syslog messages.

Therefore, options A and B are the correct answers. Option C is incorrect because bridge groups are supported in both transparent and routed firewall modes. Option D is incorrect because Bidirectional Forwarding Detection (BFD) echo packets are not allowed through the FTD when using bridge-group members. Option E is incorrect because directly connected networks can be on different subnets.