In a Layer 2 deployment, the firewall provides switching
between two or more networks. You must assign a group of interfaces
to a VLAN object in order for the firewall to switch between them.
The firewall performs VLAN tag switching when Layer 2 subinterfaces
are attached to a common VLAN object. Choose this option when switching
Figure: Layer 2 Deployment
In a Layer 2 deployment, the firewall rewrites the inbound Port
VLAN ID (PVID) number in a Cisco per-VLAN spanning tree (PVST+)
or Rapid PVST+ bridge protocol data unit (BPDU) to the proper outbound
VLAN ID number and forwards it out. The firewall rewrites such BPDUs
on Layer 2 Ethernet and Aggregated Ethernet (AE) interfaces only.
A Cisco switch must have the loopguard disabled
for the PVST+ or Rapid PVST+ BPDU rewrite to function properly on