When a Cisco FTD device is configured in transparent firewall mode, on which two interface types can an IP address be configured? (Choose two.)
When a Cisco FTD (Firepower Threat Defense) device is configured in transparent firewall mode, an IP address can be configured on interfaces that support Layer 3 functions. These interfaces are the Bridge Virtual Interface (BVI) and the Diagnostic interface. The BVI interface is used to manage traffic bridged through the firewall, while the Diagnostic interface can be used for management purposes, such as SNMP or syslog monitoring. Therefore, the correct answers are BVI and Diagnostic.
In transparent firewall mode you can only configure BVI and Diagnostic interfaces.
D and E are correct. In transparent firewall mode you can only configure BVI and Diagnostic but not the physical interfaces.
D & E is my choice. Physical & sub-int are Layer 2.
The correct answers are A (Physical) and C (Subinterface). (Diagnostic) is not correct because Diagnostic interfaces are used for troubleshooting and are not used for normal network traffic. https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200908-configuring-firepower-threat-defense-int.html
The question is in Transparent mode. In transparent mode you can configure IP on BVI and diagnostic. You can't configure it on physical or subinterface.
A/C. Subinterface can obviously be configured with an IP just like a physical one. Diagnostic Interface (cannot be configured with an IP): The Diagnostic logical interface can be configured along with the rest of the data interfaces on the Devices > Device Management > Interfaces screen. Using the Diagnostic interface is optional (see the routed and transparent mode deployments for scenarios). The Diagnostic interface only allows management traffic, and does not allow through traffic. It does not support SSH; you can SSH to data interfaces or to the Management interface only. The Diagnostic interface is useful for SNMP or syslog monitoring. https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/interface_overview_for_firepower_threat_defense.html#concept_8628A651D0AF4F59B7021A67FADCD513 The Diagnostic/Management interface does not belong to a zone or interface group.
In addition to each Bridge Virtual Interface (BVI) IP address, you can add a separate slot/port interface that is not part of any bridge group, and that allows only management traffic to the FTD device.