Securing Networks with Cisco Firepower: Configuring FTD Appliance in IPS-Only Mode with Fail-to-Wire Interfaces

Question

An engineer is configuring a Cisco FTD appliance in IPS-only mode and needs to utilize fail-to-wire interfaces.

Which interface mode should be used to meet these requirements?

Answers

Explanations

A. Passive
B. Routed
C. Transparent
D. Inline set

D.

https://www.cisco.com/c/en/us/td/docs/security/firepower/630/configuration/guide/fpmc-config-guide-v63/

When configuring a Cisco Firepower Threat Defense (FTD) appliance in IPS-only mode, one of the ways to handle network traffic is by using fail-to-wire interfaces. Fail-to-wire interfaces are a type of network interface that allows traffic to pass through the appliance without being interrupted in the event of a power loss or software failure.

To determine which interface mode to use in this scenario, let's first define each of the four options:

A. Passive: A passive interface is one that does not participate in routing updates and does not forward traffic, but instead, allows traffic to be monitored and analyzed.

B. Routed: A routed interface is one that participates in routing updates and forwards traffic to other networks.

C. Transparent: A transparent interface is one that does not participate in routing updates, but instead, allows traffic to pass through the firewall without being modified.

D. Inline set: An inline set interface is one that is used for traffic interception and modification, allowing traffic to be inspected and filtered before it is forwarded to its destination.

In this scenario, since the engineer needs to use fail-to-wire interfaces to ensure traffic passes through the appliance in the event of a power loss or software failure, they should use the transparent interface mode.

Transparent mode allows traffic to pass through the appliance without being modified, so the appliance can still pass traffic if it fails. In contrast, if the appliance were configured in inline set mode, a failure of the appliance could potentially interrupt traffic flow.

Therefore, the correct answer is C. transparent.