Chapter 5. Transparent Mode

5.0. Introduction

In transparent mode, the firewall acts like a transparent bridge. Although other switch types have existed historically, all Ethernet switches are considered transparent bridges. The difference between those other switch types (such as token ring or cell switches) and Ethernet switches is that the latter do not maintain path information, nor do they use a configured forwarding table or a dynamic path discovery protocol.

Ethernet uses Media Access Control (MAC) addressing in a way that is similar to how IP packets use IP addresses. A MAC address is 48 bits long, whereas an IPv4 address is 32 bits long. MAC addresses on Ethernet are effectively serial numbers assigned to network interface cards (NICs), also called ports. Each port has its own MAC address, which sometimes can be changed, but rarely is. Ethernet switches became so successful because they work on a very simple principle: when an Ethernet frame enters a switch, the switch puts the src-mac address into a forwarding table, linked to the ingress port. Then it checks whether it has a forwarding entry mapping the dst-mac address to an egress port. If it does not, it floods the frame out on all ports except the port on which it was received. If it does, it forwards the frame only to the port to which the forwarding entry points. The forwarding table is transient, and entries are timed out after a few minutes if they are not refreshed.
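The learn-then-forward-or-flood behaviour described above, modelled as a small simulation. This is an added example, not ScreenOS code; the 300-second aging time, the port names and the MAC addresses are constructed values. It goes one step beyond the text by filtering a frame whose destination is already known to sit on the ingress port, which is what a real bridge does.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningBridge:
    """Transparent-bridge forwarding logic: learn src-mac per ingress port,
    forward to a known egress port, otherwise flood (constructed example)."""
    ports: list
    age_seconds: float = 300.0          # assumed aging time, not a ScreenOS default
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def _expire(self, now):
        # Drop entries that have not been refreshed within age_seconds.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t <= self.age_seconds}

    def receive(self, ingress, src_mac, dst_mac, now):
        """Process one frame; return the list of egress ports it is sent to."""
        self._expire(now)
        # Learn: src-mac is reachable via the ingress port; refresh its timestamp.
        self.table[src_mac] = (ingress, now)
        entry = self.table.get(dst_mac)
        if dst_mac == BROADCAST or entry is None:
            # Unknown destination or broadcast: flood everywhere except ingress.
            return [p for p in self.ports if p != ingress]
        port, _ = entry
        if port == ingress:
            # Destination lives on the segment the frame came from: filter it.
            return []
        return [port]


if __name__ == "__main__":
    br = LearningBridge(ports=["eth1", "eth2", "eth3"])
    print(br.receive("eth1", "00:00:5e:00:53:01", "00:00:5e:00:53:02", 0.0))
    print(br.receive("eth2", "00:00:5e:00:53:02", "00:00:5e:00:53:01", 1.0))
```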

In contrast to IP addresses, MAC addresses only have significance ...
