Cisco Firepower Management Center 4000

FireSIGHT System User Guide

Chapter 9
Setting Up Virtual Routers
You can configure a managed device in a Layer 3 deployment so that it routes traffic between two or 
more interfaces. You must assign an IP address to each interface and assign the interfaces to a virtual 
router to route traffic.
You can configure the system to route packets by making packet forwarding decisions according to the 
destination address. Interfaces configured as routed interfaces receive and forward the Layer 3 traffic. 
Routers obtain the destination from the outgoing interface based on the forwarding criteria, and access 
control rules designate the security policies to be applied.
In Layer 3 deployments, you can define static routes. In addition, you can configure Routing Information 
Protocol (RIP) and Open Shortest Path First (OSPF) dynamic routing protocols. You can also configure 
a combination of static routes and RIP or static routes and OSPF.
Note that you cannot configure virtual routers, physical routed interfaces, or logical routed interfaces on 
a virtual device or Sourcefire Software for X-Series.
Caution
If a Layer 3 deployment fails for any reason, the device no longer passes traffic.
See the following sections for more information about configuring a Layer 3 deployment:
Configuring Routed Interfaces
License: Control
Supported Devices: Series 3
You can set up routed interfaces with either physical or logical configurations. You can configure 
physical routed interfaces for handling untagged VLAN traffic. You can also create logical routed 
interfaces for handling traffic with designated VLAN tags.
In a Layer 3 deployment, the system drops any traffic received on an external physical interface that does 
not have a routed interface waiting for it. If the system receives a packet with no VLAN tag and you have 
not configured a physical routed interface for that port, it drops the packet. If the system receives a 
VLAN-tagged packet and you have not configured a logical routed interface, it also drops the packet.
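
The drop rules above can be checked against a planned interface layout before deployment. The following is an added example, not part of the Cisco guide and not the device's implementation: it models the two rules over constructed Ethernet frames. The port names, the `PORTS` layout, and the function names are hypothetical, and only the standard 802.1Q tag type (0x8100) is treated as a VLAN tag.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

# Constructed configuration: per port, whether a physical routed interface
# exists and which VLAN tags have a logical routed interface.
PORTS = {
    "s1p1": {"physical": True, "logical_vlans": {10, 20}},
    "s1p2": {"physical": False, "logical_vlans": {30}},
}

def make_frame(vid=None):
    """Build a constructed Ethernet frame, optionally 802.1Q-tagged."""
    frame = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01"  # dst, src
    if vid is not None:
        frame += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return frame + struct.pack("!H", 0x0800) + bytes(46)  # IPv4 + padding

def vlan_tag(frame):
    """Return the VLAN ID of a frame, or None if it carries no 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field

def ingress_decision(port, frame):
    """Apply the guide's drop rules; returns (action, reason)."""
    cfg = PORTS.get(port, {"physical": False, "logical_vlans": set()})
    vid = vlan_tag(frame)
    if vid is None:
        if cfg["physical"]:
            return ("forward", "physical routed interface")
        return ("drop", "untagged, no physical routed interface")
    if vid in cfg["logical_vlans"]:
        return ("forward", f"logical routed interface, VLAN {vid}")
    return ("drop", f"VLAN {vid}, no logical routed interface")

if __name__ == "__main__":
    for port, vid in [("s1p1", None), ("s1p1", 10), ("s1p1", 99), ("s1p2", None)]:
        print(port, vid, ingress_decision(port, make_frame(vid)))
```

Running the same check over every VLAN expected on a trunk shows which tags would be dropped for lack of a logical routed interface.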