Securing Networks with Cisco Firepower: Extending User Segment through FTD Device in Routed Mode

Extending User Segment through FTD Device in Routed Mode

Prev Question Next Question

Question

A network engineer is extending a user segment through an FTD device for traffic inspection without creating another IP subnet.

How is this accomplished on an FTD device in routed mode?

Answers

A. by assigning an inline set interface

B. by using a BVI and creating a BVI IP address in the same subnet as the user segment

C. by leveraging the ARP to direct traffic through the firewall

D. by bypassing protocol inspection by leveraging pre-filter rules.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

When extending a user segment through an FTD device for traffic inspection without creating another IP subnet on an FTD device in routed mode, the method used is by using a BVI and creating a BVI IP address in the same subnet as the user segment.

A BVI or Bridge Virtual Interface is a virtual interface that allows an FTD device to bridge two interfaces together. A BVI is an interface that is created to assign an IP address to a bridge. By assigning an IP address to the BVI, the device can communicate with other devices in the network.

To create a BVI, you need to perform the following steps:

Create a new bridge group
Add the interfaces that you want to bridge to the new bridge group
Create a BVI and assign an IP address to it
Associate the BVI with the bridge group
Configure the firewall rules to allow traffic to flow through the BVI

Once the BVI is created and configured, traffic will flow through the BVI for inspection without the need to create another IP subnet.

Therefore, the correct answer is B. by using a BVI and creating a BVI IP address in the same subnet as the user segment.

Prev Question Next Question