Exam 300-710 topic 1 question 234 discussion

correct answer is Option D: Add a separate bridge group for each segment. To configure access between two network segments within the same IP subnet using a Cisco FTD appliance, a separate bridge group must be created for each segment. A bridge group is a logical entity that enables traffic forwarding between interfaces. By creating a separate bridge group for each network segment, traffic between the segments can be routed through the FTD appliance. Once the bridge groups are created, the FTD appliance can be configured to allow traffic between the segments using access control policies. The policies can specify which traffic is allowed to pass between the segments and which traffic is blocked. In summary, to configure access between two network segments within the same IP subnet using a Cisco FTD appliance, separate bridge groups must be created for each segment.

Agree w B

Both interfaces in the bridge group are in the same segment, 1 group is needed.

As long as two segments are in the same subnet, then just one BVI and one IP address would be needed to enforce communication between both. I’ll do B.

About Routed Firewall Mode Different Subnets (192.168.1.0/24 + 172.16.0.1/24) FTD device uses bridging techniques to pass traffic between the interfaces. Each bridge group includes a Bridge Virtual Interface (BVI) to which you assign an IP address on the network. The FTD device routes between BVIs and regular routed interfaces About Transparent Firewall Mode (192.168.1.0/24) Same Subnet Layer 2 connectivity is achieved by using a "bridge group" where you group together the inside and outside interfaces for a network, and the FTD device uses bridging techniques to pass traffic between the interfaces. Each bridge group includes a Bridge Virtual Interface (BVI) to which you assign an IP address on the network. You can have multiple bridge groups for multiple networks Question is asking "a new Cisco FTD appliance in the network"It means 1 device for 2 segments (L2) Thus, I will go with B

D Bridge Groups in Transparent Firewall Mode Bridge group traffic is isolated from other bridge groups; traffic is not routed to another bridge group within the FTD device, and traffic must exit the FTD device before it is routed by an external router back to another bridge group in the FTD device. Although the bridging functions are separate for each bridge group, many other functions are shared between all bridge groups. For example, all bridge groups share a syslog server or AAA server configuration. You can include multiple interfaces per bridge group. See Guidelines for Firewall Mode for the exact number of bridge groups and interfaces supported. If you use more than 2 interfaces per bridge group, you can control communication between multiple segments on the same network, and not just between inside and outside.

You do not have to create a separate bridge group for each segment. You will need to add the two interfaces that separate the two segments into the same bridge group, then for this to work you will need to assign an IP address to the Bridge Virtual Interface.

Same Subnet means 192.168.1.0/24, so if you have same subnets you can't configure BVI with the same subnet and segment network.Lets say that you cant, how will you route traffic from subnet 192.168.1.0/24(engineering) to 192.168.1.0(users)? You can't. The only olution to this is BVI with IP address.