Exam 300-710 topic 1 question 152 discussion

The design would be to setup the FTD in Routed Mode, create a bridge group and assign an IP address to the BVI (IRB). So the "design" would incorporate both A and D.

Firewall Designs are 2 in case of FTD: Routed and Transparent. Routed mode acts like a Layer 3 hop in the path BUT it can also act as a layer 2 device, functioning like a L2 switch through Bridge Groups, eliminating the need for an external switch (for example 3 pc's connected to 3 firewall ports and having configured the L3 gateway the same firewall). This is why, I think that the correct answer is actually A https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/transparent_or_routed_firewall_mode_for_firepower_threat_defense.html#id_37129

L2=mac addressing, L3=ip routing, IRB feature can forward both.

transparent firewall does not route L3 traffic even with rbi. Routed firewall with bvi works on L2 and L3.

Try looking up Firepower IRB configuration in youtube. There's tons of examples there where such use case has been tackled. So I'd go for D.

What is IRB in FTD? IRB stands for Integrated Routing and Bridging and is a feature that enables bridging between two or more VLANs and routing between these VLANs as well. Therefore, the feature supported by IRB on Cisco FTD devices is D

I am thinking D, IRB. They are asking which will allow the device to forward traffic at layer 2 or layer 3 for the same subnet not specifically within the same subnet. Forwarding traffic within the subnet at layer 2 and when it needs to leave the subnet it can forward at layer 3 to another IP destinations. I think the term “design” is being used incorrectly in the question—darn ESL question writers!

Firewall design is not IRB, IRB is technology to route/switch traffic. Firewall design is either transparent and routed and in this case the correct answer is Transparent

Firewall design is routed vs transparent. The question is about forwarding in L2 and L3 for the same subnet (not forwarding in L2 and routing in L3) - so the correct answer is Transparent. Thank you :)

Firewall design is not IRB, IRB is technology to route/switch traffic. Firewall design is either transparent and routed and in this case the correct answer is Routed

D is the right Answer. With IRB ( BVI) you can switch traffic within LAN and also use BVI as Gateway.

IRB provides Layer 2 bridging service between hosts that are within a Layer 2 domain. Also, it provides routing service for hosts that are in different subnets within a Layer 3 VPN. https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/iosxr/cisco8000/l2vpn/73x/b-l2vpn-cg-cisco8000-73x/m-configure-irb.html.xml