Layer 2 Firewall deployment in Passive Firewall mode

In Passive Firewall mode, a Layer 2 Firewall inspects but does not actively filter traffic.

Layer 2 Firewalls can be deployed in Passive Firewall mode in two ways:

  • In capture mode, inspecting copies of the traffic that a switch or router duplicates to a SPAN or mirror port.
  • In passive inline mode, with the engine set to only log connections by default, so that traffic passes through the engine but is not terminated.

In a capture mode installation, packets are duplicated for inspection through a SPAN or mirror port on a switch/router. In a Layer 2 Firewall Cluster, each node must be connected to a SPAN or mirror port of its own.

Figure: Passive Firewall: a Single Layer 2 Firewall in capture mode with SPAN/mirror ports

When you set the global Default Connection Termination to Only Log Connection mode, you can deploy Layer 2 Firewalls in Passive Firewall mode in an inline configuration: the engine inspects and logs connections that match the policy but does not terminate them.

Figure: Passive Firewall: a Single Layer 2 Firewall in passive inline mode