https://community.cisco.com/t5/network-security/replace-asa-firewall-with-ftd-design/m-p/3767806#M1028817 <P>Currently, the firewall is setup with 3 interfaces (internet, inside and dmz). The DMZ and Inside using subinterfaces on a port channel to respective vrfs for dmz and inside network. Now this will be replace with FTD next year and we desire to use FTD for routed mode but also leverage the NGFW and NGIPs features together.&nbsp;</P><P>From my research it seems FTD has to be in TRANSPARENT mode only to use NGIPs features or Inline Sets.</P><P>&nbsp;</P><P>Is there a way to use the routed mode and&nbsp; inline set without having a buy additional hardware with the existing design of 3 zones (inside, dmz and inet)?&nbsp;</P> Fri, 21 Feb 2020 16:35:54 GMT michael ezenogha 2020-02-21T16:35:54Z https://community.cisco.com/t5/network-security/replace-asa-firewall-with-ftd-design/m-p/3767806#M1028817 <P>Currently, the firewall is setup with 3 interfaces (internet, inside and dmz). The DMZ and Inside using subinterfaces on a port channel to respective vrfs for dmz and inside network. Now this will be replace with FTD next year and we desire to use FTD for routed mode but also leverage the NGFW and NGIPs features together.&nbsp;</P><P>From my research it seems FTD has to be in TRANSPARENT mode only to use NGIPs features or Inline Sets.</P><P>&nbsp;</P><P>Is there a way to use the routed mode and&nbsp; inline set without having a buy additional hardware with the existing design of 3 zones (inside, dmz and inet)?&nbsp;</P> Fri, 21 Feb 2020 16:35:54 GMT https://community.cisco.com/t5/network-security/replace-asa-firewall-with-ftd-design/m-p/3767806#M1028817 michael ezenogha 2020-02-21T16:35:54Z https://community.cisco.com/t5/network-security/replace-asa-firewall-with-ftd-design/m-p/3767813#M1028818 <P>Hi,</P> <P>FTD routed mode supports&nbsp;Full LINA-engine and Snort-engine checks. You can configure inline set in routed mode as well.</P> <P>If it is in transparent or routed mode, for IPS inspection you need to buy threat license.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2018-12-10 19_29_29-Configure FTD Interfaces in Inline-Pair Mode - Cisco.jpg" style="width: 955px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/25606i18B2125FEE6D7B35/image-size/large?v=v2&amp;px=999" role="button" title="2018-12-10 19_29_29-Configure FTD Interfaces in Inline-Pair Mode - Cisco.jpg" alt="2018-12-10 19_29_29-Configure FTD Interfaces in Inline-Pair Mode - Cisco.jpg" /></span></P> <P>&nbsp;</P> <P>Thanks,<BR />Abheesh<BR />PS: Please don't forget to rate and select as validated answer if this answered your question</P> Fri, 21 Dec 2018 11:12:02 GMT https://community.cisco.com/t5/network-security/replace-asa-firewall-with-ftd-design/m-p/3767813#M1028818 Abheesh Kumar 2018-12-21T11:12:02Z