Restrictions for Layer 2 Transparent Firewalls Support
-
Address Resolution Protocol (ARP) inspection is not supported.
-
Layer 2 forwarding technologies such as bridge domain, bridge domain interfaces (BDI), Overlay Transport Virtualization (OTV), X-Connect, Virtual Private LAN Services (VPLS), VxLAN, and non-IP flows, are not supported.
-
Only normal IP or simple VLAN is supported on Ethernet frames. The transparent firewall generates TCP reset (RST) packets and sends these packets in supported Ethernet frame.
-
TCP RST is not supported after intrabox high availability switchover.
-
Virtual TCP (vTCP) is not supported.
-
Network Address Translation (NAT), Box-to-Box (B2B) high availability, Multiprotocol Label Switching (MPLS), Virtual Routing and Forwarding (VRF) instances, VRF-Aware Software Infrastructure (VASI), Locator-ID Separation Protocol (LISP) are not supported in the Layer 2 switch path.
-
Non IP packet flows like Ethernet Operation, Administration, and Maintenance (OAM), Connectivity Fault Management (CFM) is not supported.
-
Layer 2-based access control lists (ACLs) are not supported in the transparent firewall class map.