But to be honest I think it’s pretty bobbins! So I’ll be ripping it out of every 5506-X I deploy. Well if you are a small business and make very few changes to the firewall then this may be fine, (if a little cumbersome to set up). Yes I’m not making it up, that’s the added default config for a new 5506-X firewall, (post version 9.7) if you issue a configure factory-default, that’s what you will get! (Don’t panic: If you upgrade a firewall it won’t add this in!)

Is That What You Wanted?

Same-security-traffic permit inter-interface

I’ll shorten the default firewall config and show you the ‘added commands’ that are used for this configuration. Unless you have a very simple network that can get very complicated, very quickly! Also note, the same holds true for remote management via SSH/ASDM etc.

Oh Great! So Just Like an ASA5505 Then?

Well no sorry, I don’t like it because it needs an access-group/ACL for each bridged interface, and a NAT statement for each bridged interface. So on the ASA 5506-X with a default configuration, it ‘Bridges’ interfaces Ge0/2 to Ge0/8, into one interface which you can call the inside interface and give it an IP address. Well not strictly true, Cisco ASA has had BVI interfaces in ‘transparent mode’ for some time. To ‘fix’ the problem would probably mean changing hardware, so Cisco gave us a BVI, Bridge Virtual Interface instead (with version 9.7). Because it’s easier to sell a firewall that costs less than 500 quid, than it is to sell a firewall that fits the network requirements!

The problem was, people started throwing them in everywhere, I’ve seen them in large businesses, and in data centres. While I understand that, and if truth be told the ASA 5505, was SUPPOSED to be used in SOHO environments where an all in one device, (with PoE) was a great fit.
When the ASA 5506-X appeared there was much grumbling, “This is not a replacement for the ASA 5505, I need to buy a switch as well!” and “I have six ports on the firewall I can’t use” etc.
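The per-interface ACL and NAT requirement described above is easy to lose track of as member ports are added, so here is an added example (not from the original post) that audits a saved configuration for bridge-group members lacking their own `nat` or `access-group` line. The sample configuration, the interface and object names, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the ASA 9.7+ routed-mode BVI style (not taken from the post).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 nameif outside
interface GigabitEthernet1/2
 bridge-group 1
 nameif inside_1
interface GigabitEthernet1/3
 bridge-group 1
 nameif inside_2
interface GigabitEthernet1/4
 bridge-group 1
 nameif inside_3
interface BVI1
 nameif inside
object network obj_any1
 nat (inside_1,outside) dynamic interface
object network obj_any2
 nat (inside_2,outside) dynamic interface
access-group inside_1_in in interface inside_1
"""

def bridge_members(config):
    """Return the nameif of every interface stanza that carries a bridge-group line."""
    members = []
    # Split into top-level stanzas: each starts at a line with no leading space.
    for stanza in re.split(r"(?m)^(?=\S)", config):
        if not stanza.startswith("interface "):
            continue
        name = re.search(r"(?m)^ nameif (\S+)", stanza)
        if name and re.search(r"(?m)^ bridge-group \d+", stanza):
            members.append(name.group(1))
    return members

def audit(config):
    """Map each bridge member to the per-interface policy lines it is missing."""
    nat_sources = set(re.findall(r"(?m)^\s*nat \((\S+?),", config))
    acl_ifaces = set(re.findall(
        r"(?m)^access-group \S+ (?:in|out) interface (\S+)", config))
    report = {}
    for member in bridge_members(config):
        missing = [kind for kind, have in
                   (("nat", nat_sources), ("access-group", acl_ifaces))
                   if member not in have]
        if missing:
            report[member] = missing
    return report

if __name__ == "__main__":
    for nameif, missing in audit(SAMPLE_CONFIG).items():
        print(f"{nameif}: no {', '.join(missing)}")
```

A member flagged here is not automatically broken, but it is a port whose traffic policy differs from its siblings, which is the drift the per-interface design invites.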