Unsupported Features for Bridge Groups in Transparent Mode

The following table lists the features that are not supported in bridge groups in transparent mode.

Unsupported Features in Transparent Mode

| Feature | Description |
|---|---|
| Dynamic DNS | |
| DHCP relay | The transparent firewall can act as a DHCPv4 server, but it does not support DHCP relay. DHCP relay is not required because you can allow DHCP traffic to pass through using two access rules: one that allows DHCP requests from the inside interface to the outside, and one that allows the replies from the server in the other direction. |
| Dynamic routing protocols | You can, however, add static routes for traffic originating on the threat defense device for bridge group member interfaces. You can also allow dynamic routing protocols through the threat defense device using an access rule. |
| Multicast IP routing | You can allow multicast traffic through the threat defense device by allowing it in an access rule. |
| QoS | |
| VPN termination for through traffic | The transparent firewall supports site-to-site VPN tunnels for management connections only on bridge group member interfaces. It does not terminate VPN connections for traffic through the threat defense device. You can pass VPN traffic through the ASA using an access rule, but it does not terminate non-management connections. |