Cisco ASA transparent mode

When a Cisco ASA is run in transparent mode, am I correct in thinking that all layer 2 broadcast traffic is allowed through the firewall? Does this not leave the chance that viruses / malicious code could be broadcast through to end systems??

Who is Participating?
Ernie BeekExpertCommented:

These destination MAC addresses are allowed through the transparent firewall. Any MAC address not on this list is dropped.

TRUE broadcast destination MAC address equal to FFFF.FFFF.FFFF
IPv4 multicast MAC addresses from 0100.5E00.0000 to 0100.5EFE.FFFF
IPv6 multicast MAC addresses from 3333.0000.0000 to 3333.FFFF.FFFF
BPDU multicast address equal to 0100.0CCC.CCCD
AppleTalk multicast MAC addresses from 0900.0700.0000 to 0900.07FF.FFFF


The thing is that a virus can't broadcast itself to another machine. It might consume a lot of bandwidth though if there is a trojan/virus broadcasting over the network.
Don't make the mistake by thinking that a firewall is an effective defense against virusses/trojans/etc. because that isn't what it's there for.
If seen lot's of people complaining that they had a virus on their pc, 'but i have a firewall !?'
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.