in a drop-in configuration, the firebox is put in place with the same network address on all firebox interfaces. all three firebox interfaces must be configured. because this configuration mode distributes the network’s logical address space across the firebox interfaces, you can “drop” the firebox between the router and the lan without reconfiguring any local machines. public servers behind the firebox use public addresses, and traffic is routed through the firebox with no network address translation.

   

    characteristics of a drop-in configuration:

    1?a single network that is not subdivided into smaller networks or subnetted.

    2?the firebox performs proxy arp, a technique in which one host answers address resolution protocol requests for machines behind that firebox that cannot hear the broadcasts. the trusted interface arp address replaces the router's arp address.

    3?the firebox can be placed in a network without changing default gateways on the trusted hosts. this is because the firebox answers for the router, even though the router cannot hear the trusted host's arp requests.

    4?all trusted computers must have their arp caches flushed.

    5?the majority of a lan resides on the trusted interface by creating a secondary network for the lan.

    the benefit of a drop-in configuration is that you donn't have to reconfigure machines already on a public network with private ip addresses. the drawback is that it is generally harder to manage and is more prone to network problems.