Enabling Transparent Mode
When you decide to enable transparent mode, ensure that your configuration has been
backed up. When this feature is enabled, it will clear the current configuration to avoid any
command conflicts that may exist with the currently deployed configuration. To enable
transparent mode, use the firewall transparent command in the global configuration mode.
If you are using multiple contexts, you must execute this command in the system
configuration mode, which will affect all configured contexts. Use the show firewall
command in privileged mode to verify that the firewall has accepted the new transparent
mode, as shown in Example 6-11.
The last configuration required to enable transparent mode is to assign an IP address to an
interface for management access to the Security Context:
ip address ip_address [netmask]
This will allow you to manage the Security Appliance remotely. The IP address will also be
used as the source address for any traffic that originates from the Security Appliance, or for
syslog and Simple Network Management Protocol (SNMP) alarm messages. If you are using
multiple contexts, you must assign an IP address for each context configured. To configure
an IP address, use the ip address command in global-configuration mode. The IP address used
must be in the same subnet as a network directly connected to the Security Appliance. You
can display the current management-port configuration using the show ip address command
in privileged mode, as shown in Example 6-12. Example 6-13 uses the same process but in
multicontext mode.
Example 6-11 Enabling Transparent Mode Output
Pix(config)# firewall transparent
Pix(config)# exit
Pix# show firewall
Firewall mode: Transparent