Solved

Cisco ASA EAL4 transparent firewall config? Do I need to use MAC filtering?

Posted on 2011-03-15
Last Modified: 2012-06-27
I am configuring an ASA5540 firewall for a client, the only difference from usual being that it is to run in Transparent mode. I have looked for an EAL4 transparent firewall config guide but found nothing and therefore assumed that the usual one would be used.

The client's security bod has now come back and insisted MAC filtering should be used, but I can find no reference to this anywhere.

Can someone tell me if MAC filtering is required to make a transparent box EAL4 compliant and, if so, where I can find documentation supporting this?

Thanks in advance
Chris
Question by:Chris_944

Accepted Solution

by: Chris_944
In case anyone runs across the same question: after an hour or 2 trawling through the EAL4 config guide again, I came across this. So yes, it is required.

Inspect ARP
To configure the ARP inspection engine, use the arp-inspection command in global configuration mode. ARP inspection is required when a firewall context is operating in transparent mode, to prevent IP spoofing of traffic.

To complete the configuration of ARP inspection the administrator must create static ARP entries for each host protected by the firewall context.

hostname(config)# arp inside 1.2.3.4 0050.abcd.1234
hostname(config)# arp-inspection outside enable
hostname(config)# arp-inspection inside enable

Cheers Chris
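The guide excerpt quoted in the answer requires a static ARP entry for every protected host plus ARP inspection on each interface, so one way to check a configuration against a host inventory is sketched below. This is an added example, not part of the original post or of Cisco's guide; the function names, the inventory format and the second host are assumptions made for illustration.

```python
import re

# Constructed sample: the three commands shown in the answer, prompts included.
SAMPLE_CONFIG = """\
hostname(config)# arp inside 1.2.3.4 0050.abcd.1234
hostname(config)# arp-inspection outside enable
hostname(config)# arp-inspection inside enable
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strip a pasted CLI prompt
STATIC_ARP = re.compile(
    r"^arp (\S+) (\d+\.\d+\.\d+\.\d+) ([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)
INSPECT = re.compile(r"^arp-inspection (\S+) enable\b", re.I)


def parse(config_text):
    """Return ({(interface, ip): mac}, {interfaces with inspection enabled})."""
    static, inspected = {}, set()
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := STATIC_ARP.match(line):
            static[(m.group(1), m.group(2))] = m.group(3).lower()
        elif m := INSPECT.match(line):
            inspected.add(m.group(1))
    return static, inspected


def audit(config_text, protected_hosts):
    """protected_hosts: iterable of (interface, ip, expected_mac) tuples."""
    static, inspected = parse(config_text)
    findings = []
    for iface, ip, mac in protected_hosts:
        if iface not in inspected:
            findings.append(f"{iface}: arp-inspection not enabled")
        have = static.get((iface, ip))
        if have is None:
            findings.append(f"{ip}: no static ARP entry on {iface}")
        elif have != mac.lower():
            findings.append(f"{ip}: static ARP is {have}, inventory says {mac.lower()}")
    return sorted(set(findings))


if __name__ == "__main__":
    hosts = [("inside", "1.2.3.4", "0050.abcd.1234"),
             ("inside", "1.2.3.5", "0050.abcd.5678")]  # second host is constructed
    for finding in audit(SAMPLE_CONFIG, hosts):
        print(finding)
```

An empty result means every inventoried host has a matching static entry on an interface with inspection enabled; a host missing from the static table would otherwise have its ARP packets dropped once inspection is on.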