
cisco asa with firepower services - bridge mode - quick start setup


Update: Added the relevant sections to include notices that FTD does exist.

Classic ASA currently ships with the Firepower Services module; Firepower Threat Defense (FTD) is the integrated model. For those who need to run bridge mode, I have created a quick gist to get you going. If you want to use my configuration you will need to modify a few things:

  • Make sure the inside and outside interface ip addresses are changed
  • Make sure that http servers and ssh servers are allowed

The ASA in this case is bare: you are pushing all of the firewall logic to the Firepower module, which is pretty inefficient. It would be best to do all of the L3 / L4 blocking on the ASA itself.

Before someone asks, let's talk about 'Bridge Mode' for a minute. Bridge mode has the firewall act at Layer 2. That doesn't mean the firewall cannot do Layer 3 - 7 functions; it can, in fact, do all of them. What it doesn't do is participate in routing. Just to give you an idea:

  • NAT is supported
  • Routing is NOT supported
  • VPN is supported
  • Layer 3/4 Stateful Firewalling is supported

Finally, one of the things you will need to do is physically cable this correctly.

My configuration has:

  • Outside Interface in port 1
  • Inside Interface in port 2
  • Management interface for firepower module
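The following ASA CLI snippet is an added example, not the author's gist and not a Cisco reference configuration. It ties the three points above together: transparent (bridge) mode with the outside and inside interfaces in one bridge group, HTTP (ASDM) and SSH management access restricted to a management network, and the L3 / L4 blocking done on the ASA with an access list before traffic is handed to the Firepower (sfr) module. Interface names (GigabitEthernet1/1 and 1/2 for ports 1 and 2, Management1/1 for the module's management port, as on a 5506-X style box), all IP addresses (192.0.2.0/24 is a documentation range) and the access-list contents are assumptions to be replaced with your own.

```cisco
! Layer 2 (bridge) mode: the ASA forwards between bridge-group members
! without participating in routing
firewall transparent
!
! Port 1 = outside, port 2 = inside, both members of the same bridge group
! (interface names are assumed; check 'show interface ip brief' on your box)
interface GigabitEthernet1/1
 nameif outside
 bridge-group 1
 security-level 0
 no shutdown
!
interface GigabitEthernet1/2
 nameif inside
 bridge-group 1
 security-level 100
 no shutdown
!
! The BVI carries the bridge group's management IP on the bridged subnet
! (assumed address; it must be on the subnet the two ports bridge)
interface BVI1
 ip address 192.0.2.10 255.255.255.0
!
! Dedicated management port; on an ASA with a Firepower Services module
! this is also the port the module's own management IP lives behind
interface Management1/1
 management-only
 nameif management
 security-level 100
 ip address 192.0.2.11 255.255.255.0
 no shutdown
!
! Do the L3/L4 filtering on the ASA itself rather than leaving it all to
! the Firepower module (assumed policy: only web in from outside,
! explicitly drop telnet, log everything else that is dropped)
access-list outside_in extended deny tcp any any eq 23 log
access-list outside_in extended permit tcp any any eq 80
access-list outside_in extended permit tcp any any eq 443
access-list outside_in extended deny ip any any log
access-group outside_in in interface outside
!
! Management access: ASDM over HTTPS and SSH, only from the management
! network and only on the management interface (assumed network)
http server enable
http 192.0.2.0 255.255.255.0 management
ssh 192.0.2.0 255.255.255.0 management
ssh version 2
!
! Hand traffic that survived the ACL to the Firepower Services module;
! fail-open keeps traffic flowing if the module is down, swap to
! 'sfr fail-close' if you would rather drop traffic in that case
class-map sfr_traffic
 match any
!
policy-map global_policy
 class sfr_traffic
  sfr fail-open
!
service-policy global_policy global
```

Two things to check after applying something like this: `show bridge-group 1` should list both data interfaces, and `show service-policy sfr` should show the class matching and packets being redirected; if the second shows nothing, the module is not receiving traffic and the ACL or the policy-map is the first place to look.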

This is an example of what it could look like:

[Screenshot: picture taken from Cisco's website]

Configuration:

