When a firewall has IP addresses assigned to its interfaces, it acts as a router hop for packets passing through it. As well, all the traffic inspection and forwarding decisions are based on Layer 3 (IP address) parameters. This is called routed firewall mode.
Cisco firewalls running PIX release 6.3 or earlier operate solely in routed firewall mode. Beginning with FWSM 2.2(1) and PIX 7.0, you can configure a firewall to operate in either routed or transparent firewall mode, but not both.
Each firewall interface must be connected to a different IP subnet and be assigned an IP address on that subnet. When a routed firewall is installed or inserted into a network for the first time, the network ...