Which of the following are true of ARP traffic on a Cisco zone-based firewall in transparent mode? (Select 2 choices.)

Last Updated on August 4, 2021 by Admin 3

  • It is denied by default.
  • It is permitted only in the inbound direction.
  • It is permitted only in the outbound direction.
  • It is permitted in both inbound and outbound directions.
  • It can be controlled by ARP inspection but not by access rules.
Explanation:
Address Resolution Protocol (ARP) traffic is permitted in both inbound and outbound directions when a Cisco zone-based firewall, such as a Cisco Adaptive Security Appliance (ASA), is operating in transparent mode. In addition, ARP can be controlled by ARP inspection, but not by access rules, on a Cisco ASA that is operating in transparent mode. The default bidirectional flow of ARP traffic in transparent mode is known as an implicit permit. All of the following traffic is implicitly permitted when a Cisco zone-based firewall is operating in transparent mode:
– IP version 4 (IPv4) traffic from a higher security interface to a lower security interface
– IPv6 traffic from a higher security interface to a lower security interface
– ARP traffic in both directions
– Bridge protocol data unit (BPDU) traffic in both directions
Thus, a Cisco zone-based firewall operating in transparent mode implicitly permits certain types of traffic at both Layer 2 and Layer 3 of the Open Systems Interconnection (OSI) network model. However, when a Cisco zone-based firewall is operating in routed mode, only Layer 3 IPv4 and IPv6 traffic from a higher security interface to a lower security interface is implicitly permitted.
In either mode, an extended access rule is required to permit additional types of IPv4 traffic. To permit additional types of IPv6 traffic, an IPv6 access rule is required. To permit other types of Layer 2 traffic, an EtherType rule is required.
