Transparent Firewall

A transparent firewall, also known as a bridge firewall, is a Layer 2 application that installs easily into an existing network without modifying the Internet Protocol (IP) address. The transparent firewall is not a routed hop but instead acts as a bridge by inspecting and moving network frames between interfaces. 

A transparent firewall can be seen as a “stealth firewall” that supports outside and inside interfaces. With a transparent firewall, security equipment is connected to the same network on internal and external ports, with a separate virtual local-area network (VLAN) for each interface.

Activating the transparent mode on a firewall takes it from a Layer 3 routing mode into a Layer 2 bridging device. This helps organizations solve issues relating to traffic visibility and threat protection without having to re-architect their network.

A key feature of transparent firewalls is that they sit in Layer 2 of the Open Systems Interconnection (OSI) model. OSI is a framework that characterizes and standardizes communications protocols and describes the functions of networking systems, such as telecommunications and computing systems. It categorizes the functions of network components and outlines the rules and requirements that support the hardware and software that comprise the network.

Within the OSI model, Layer 2 is the data link layer, which enables data transfers between devices on the same network. It breaks packets into pieces, or frames, and handles the flow and error control of the data. Within this are two sub-layers, the media access control (MAC) and logical link control (LLC) layers.

However, firewalls typically operate at Layers 3 and 4, the network and transport layers. The network layer enables data transfer between two networks and performs routing functions, while the transport layer manages, sends, and receives end-to-end communication between devices by dividing data into segments. Furthermore, IP addresses work at Layer 3, and Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) port numbers operate at Layer 4.

A transparent firewall operates at Layer 2 of the OSI model, the data link layer. It is deployed between a router and a switch, or between a router and the internet. 

A transparent firewall is so-called because it refers to the firewall being taken from route mode into transparent mode. Most firewalls use routed mode, which means they can route packets and filter exterior traffic from the internet and interior traffic from an internal network. These firewalls sit at Level 3 and have IP addresses assigned to the network. 

A key disadvantage of a routed firewall is the time delay they can cause to packet transmission because of protocols like Spanning Tree Protocol (STP) and Rapid Spanning Tree Protocol (RSTP). 

Transparent mode does not have an IP address within the network, which ensures they are not visible on a network. This is ideal for complex connected networks that do not allow for modification, significantly reducing delays caused by deployment complexity.

Next-generation firewalls (NGFWs) are crucial to helping organizations protect themselves from known risks, as well as new and evolving threats from inside and outside their networks. The Fortinet FortiGate NGFWs inspect traffic as it enters and exits networks at hyperscale, ensuring that only legitimate traffic is provided access without affecting user experience or resulting in downtime. 

The Fortinet internal segmentation firewall (ISFW) can also be installed in transparent mode, giving organizations a secure network connection without using routing or NAT protocols.