Deploying Internal Perimeter Firewall for Multiple DMZs | Securing Networks with Cisco Firepower Exam Answer

Satisfying the Requirement of Supporting Multiple DMZs with Unique Private IP Subnet Ranges

Question

An engineer is tasked with deploying an internal perimeter firewall that will support multiple DMZs.

Each DMZ has a unique private IP subnet range.

How is this requirement satisfied?

Answers

C.

Explanations

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/intro-fw.html

To support multiple DMZs with unique private IP subnets, the internal perimeter firewall must be deployed in routed mode with access control policies or NAT configured.

Routed mode means that the firewall acts as a router, forwarding traffic between different networks (in this case, the DMZs and the internal network) based on their IP addresses. Access control policies can then be configured to control what traffic is allowed or denied between these networks.

NAT (Network Address Translation) can also be used to translate the private IP addresses of the DMZs to public IP addresses, making them accessible from the internet. This can be useful if the DMZs host public-facing services like web servers or email servers.

Deploying the firewall in transparent mode, on the other hand, means that the firewall does not act as a router and does not modify the IP addresses of packets passing through it. Instead, it inspects the traffic and enforces access control policies based on other criteria, such as port numbers or application protocols. This mode is typically used where the firewall must be invisible to the network, for example to avoid disrupting the existing IP addressing and network topology.

Therefore, either option B (Deploy the firewall in routed mode with access control policies) or option C (Deploy the firewall in routed mode with NAT configured) satisfies the requirement of supporting multiple DMZs with unique private IP subnet ranges.
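The routed-mode design described above, sketched as an added ASA-style configuration (not taken from the page or the cited Cisco document): each DMZ gets its own interface and RFC 1918 subnet, one DMZ host is published through static NAT, and access lists control what may cross between zones. The interface names, subnets and addresses are assumed values constructed for this example.

```text
! Constructed example: one interface and one private subnet per DMZ
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
interface GigabitEthernet0/2
 nameif dmz-web
 security-level 50
 ip address 172.16.10.1 255.255.255.0
interface GigabitEthernet0/3
 nameif dmz-mail
 security-level 50
 ip address 172.16.20.1 255.255.255.0
!
! Static NAT (object NAT, ASA 8.3+ syntax): publish the web server on one public address
object network dmz-web-server
 host 172.16.10.10
 nat (dmz-web,outside) static 203.0.113.10
!
! Dynamic PAT for outbound traffic from each DMZ subnet
object network dmz-web-subnet
 subnet 172.16.10.0 255.255.255.0
 nat (dmz-web,outside) dynamic interface
object network dmz-mail-subnet
 subnet 172.16.20.0 255.255.255.0
 nat (dmz-mail,outside) dynamic interface
!
! Inbound policy: only HTTPS to the web server; ACLs reference the real (untranslated) address
access-list outside_in extended permit tcp any object dmz-web-server eq https
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
!
! Keep the DMZs isolated from each other and from inside; explicit denies add logging
! (traffic between equal security levels is already dropped unless
!  same-security-traffic permit inter-interface is configured)
access-list dmz-web_in extended deny ip 172.16.10.0 255.255.255.0 172.16.20.0 255.255.255.0 log
access-list dmz-web_in extended deny ip 172.16.10.0 255.255.255.0 10.0.0.0 255.255.255.0 log
access-list dmz-web_in extended permit ip 172.16.10.0 255.255.255.0 any
access-group dmz-web_in in interface dmz-web
```

Each additional DMZ follows the same pattern: a new interface with its own subnet, its own NAT rules, and an inbound access list that permits only the traffic that zone needs.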