Cisco Firepower Bridge Groups: Characteristics, Functions, and Configuration

Bridge Groups on a Cisco FTD

Question

What is a characteristic of bridge groups on a Cisco FTD?

Answers

Explanations

A. B. C. D.

A.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/general/asa-97-general-config/intro-fw.pdf

A bridge group on a Cisco Firepower Threat Defense (FTD) device is a logical construct that groups a set of interfaces so that traffic can be bridged between them. Bridging is a method of connecting two or more network segments at the data link layer (Layer 2) of the OSI model. It is different from routing, which operates at the network layer (Layer 3).

In routed firewall mode, the FTD device acts as a Layer 3 firewall, and routing between bridge groups is supported. This means that packets can be forwarded between different bridge groups using Layer 3 routing protocols, such as OSPF or BGP. This allows for more flexibility in network design, as different bridge groups can be used to segment traffic based on different criteria, such as VLAN or subnet.

However, routing between bridge groups in routed firewall mode must pass through a routed interface. This means that a Layer 3 interface must be configured on the FTD device, and traffic between bridge groups must be routed through this interface. This can add complexity to the network design, because routing rules must be configured carefully to ensure traffic is forwarded properly.

In transparent firewall mode, the FTD device acts as a Layer 2 firewall, and routing between bridge groups is also supported. This means that packets can be forwarded between different bridge groups without the need for Layer 3 routing protocols or a routed interface. However, in this mode, the FTD device does not perform any IP address or TCP/UDP port inspection, and only operates at the Layer 2 level.

Therefore, the correct answer to the question is D: In transparent firewall mode, routing between bridge groups is supported.