An organization has a Cisco FTD that uses bridge groups to pass traffic from the inside interfaces to the outside interfaces.
They are unable to gather information about neighboring Cisco devices or use multicast in their environment.
What must be done to resolve this issue?
A. B. C. D.D.
https://www.cisco.com/c/en/us/td/docs/security/firepower/623/configuration/guide/fpmc-config-guide-v623/
The issue in this scenario is that the organization is unable to gather information about neighboring Cisco devices or use multicast in their environment. This indicates that there may be a problem with the way the FTD is configured.
In this case, the FTD is using bridge groups to pass traffic from the inside interfaces to the outside interfaces. Bridge groups are typically used in transparent firewall mode, where the firewall operates at Layer 2 and is used to filter traffic based on MAC addresses.
Option A suggests creating a firewall rule to allow CDP traffic. CDP is a Cisco proprietary protocol used to gather information about neighboring Cisco devices. If the firewall is blocking CDP traffic, this could explain why the organization is unable to gather information about neighboring devices. However, this option does not address the issue with multicast.
Option B suggests creating a bridge group with the firewall interfaces. This option may already be in place since the organization is already using bridge groups. It does not address the issue with CDP or multicast.
Option C suggests changing the firewall mode to transparent. This would allow the FTD to operate at Layer 2 and could potentially resolve the issue with CDP and multicast. However, it may also introduce other issues if the organization is relying on the FTD to perform Layer 3 functions such as routing or NAT.
Option D suggests changing the firewall mode to routed. This would allow the FTD to perform Layer 3 functions such as routing and NAT. However, it would not address the issue with CDP or multicast.
Based on the information provided, the best option for resolving the issue with CDP and multicast is to select option C, changing the firewall mode to transparent. This will allow the FTD to operate at Layer 2 and pass CDP traffic and multicast traffic. However, it is important to note that changing the firewall mode could have other implications for the organization's network and should be done with caution.