94 Rockwell Automation Publication 1783-UM010C-EN-P - June 2019
Chapter 8 Firewall Modes
Inline Transparent Monitor-only Mode
In an inline monitor-only deployment, a copy of the traffic is sent to the IFW FirePOWER module, but it is not returned to the firewall. Inline monitor-only mode shows what the IFW FirePOWER module would do to the traffic, and lets you evaluate the content of the traffic without impacting the network. However, in this mode the firewall still applies its own policies to the traffic, so traffic can be dropped due to access rules, TCP normalization, and so forth.
Inline transparent monitor-only mode sends a duplicate stream of traffic to the IFW FirePOWER module for monitoring purposes only. The module applies the security policy to the traffic and logs what it would have done if it were operating in inline transparent mode. For example, traffic could be marked ‘would have dropped’ in events. You can use this information for traffic analysis and to help you decide whether inline transparent mode is desirable.
Figure 24 shows the traffic flow when using the IFW in inline transparent monitor-only mode.
Figure 24 - IFW Traffic Flow for Inline Transparent Monitor-only Mode
As shown in the figure, traffic flows through the IFW as follows:
1. Traffic enters the IFW.
2. Firewall policies are applied.
3. Copied traffic is sent to the FirePOWER module.
4. The FirePOWER module applies its security policy to the traffic, and logs events only.
5. Traffic exits the IFW.
TIP You cannot configure both inline monitor-only mode and normal inline mode simultaneously on the ASA. Only one type of security policy is allowed.