Learn about transparent firewalls, benefits, and the differences between modes.
Benefits of Fortinet Data Center Firewalls Speak with an Expert
Definition
Layer 2 Firewall
Transparent Firewall Benefits
How Fortinet Can Help
Definition
Layer 2 Firewall
Transparent Firewall Benefits
How Fortinet Can Help
Transparent Firewall Definition
A transparent firewall, also known as a bridge firewall, is a Layer 2 application that installs easily into an existing network without modifying the Internet Protocol (IP) address. The transparent firewall is not a routed hop but instead acts as a bridge by inspecting and moving network frames between interfaces.
A transparent firewall can be seen as a “stealth firewall” that supports outside and inside interfaces. With a transparent firewall, security equipment is connected to the same network on internal and external ports, with a separate virtual local-area network (VLAN) for each interface.
Activating the transparent mode on a firewall takes it from a Layer 3 routing mode into a Layer 2 bridging device. This helps organizations solve issues relating to traffic visibility and threat protection without having to re-architect their network.
Layer 2 Firewall
A key feature of transparent firewalls is that they sit in Layer 2 of theOpen Systems Interconnection (OSI) model. OSI is a framework that characterizes and standardizes communications protocols and describes the functions of networking systems, such as telecommunications and computing systems. It categorizes the functions of network components and outlines the rules and requirements that support the hardware and software that comprise the network.
Within the OSI model, Layer 2 is the data link layer, which enables data transfers between devices on the same network. It breaks packets into pieces, or frames, and handles the flow and error control of the data. Within this are two sub-layers, the media access control (MAC) and logical link control (LLC) layers.
However, firewalls typically operate at Layers 3 and 4, the network and transport layers. The network layer enables data transfer between two networks and performs routing functions, while the transport layer manages, sends, and receives end-to-end communication between devices by dividing data into segments. Furthermore, IP addresses work at Layer 3, and Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers operate at Layer 4.
Where is a transparent firewall deployed?
A transparent firewall operates at Layer 2 of the OSI model, the data link layer. It is deployed between a router and a switch, or between a router and the internet.
Difference between transparent mode and routed mode
A transparent firewall is so-called because it refers to the firewall being taken from route mode into transparent mode.Most firewalls use routed mode, which means they can route packets and filter exterior traffic from the internet and interior traffic from an internal network. These firewalls sit at Level 3 and have IP addresses assigned to the network.
A key disadvantage of a routed firewall is the time delay they can cause to packet transmission because of protocols like Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP).
Transparent mode does not have an IP address within the network, which ensures they are not visible on a network. This is ideal for complex connected networks that do not allow for modification, significantly reducing delays caused by deployment complexity.
Benefits of Using a Firewall's Transparent Mode
Simplicity of configuration
A key benefit of a transparent bridge firewall is that it can be rapidly deployed without complicated configuration processes. That is in comparison to routing mode, which requires significant IP and network readdressing, which can be a complex and lengthy process.
Device is undetectable
Because transparent firewalls do not have an IP address within the network, they are more stealthy and undetectable by attackers. This provides a major security advantage because it means the network is less susceptible to hacker attacks that use network probes or denial-of-service (DoS) attacks.
Non-IP traffic can be permitted or denied
Using a firewall in transparent mode also allows non-IP traffic through, which is not possible in routing mode. Networks use access control lists (ACLs) to control and manage incoming and outgoing traffic. A transparent firewall enables any traffic—even non-IP traffic like AppleTalk, bridge protocol data units, and IP exchange—to pass through the network.
How Fortinet Can Help
FortiGate Next Generation Firewalls (NGFW) seamlessly integrates advanced networking and robust security providing industry-leading threat protection and decryption with a custom ASIC architecture for superior performance and energy efficiency at scale. Powered by FortiOS ensuring consistent security across networks, streamlining operations, and convergence of networking and security across WLAN, LAN, SASE, and NGFW eliminating the need for multiple products with integrated SD-WAN and Universal ZTNA into FortiGates. Customers are safeguarded against the latest threats with AI-enhanced protection from FortiGuard Security Services and FortiManager for centralized and unified policy management of Hybrid Mesh Firewalls. FortiGates are the foundation of the Fortinet Security Fabric ensuring consistent security, converging networking and security to rapidly respond to threats, and ensuring a secure, responsive network environment. This comprehensive platform approach, covering everything across diverse networks, endpoints, and clouds, provides a tailored, efficient cybersecurity solution.
Please fill out the form and a knowledgeable representative will get in touch with you soon.
