https://community.cisco.com/t5/network-security/ftdv-integration-with-aws-transit-gateway/m-p/4267100#M1077030 <P>Hi Team,</P><P>I'm&nbsp;looking for a Cisco recommended design for deploying &amp; integrating FTDv FW pair with AWS Transit Gateway.</P><P>&nbsp;</P><P>Design Considerations -</P><UL><LI>The 2 firewalls need to be deployed in a separate AWS VPC with 2 availability zones. And traffic failover should be automatic in case of a FTDv or an Availability Zone failure.</LI></UL><P>&nbsp;</P><P>I could find only the following design ( briefly described in <A href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DUtthj_CGfP8&amp;data=04%7C01%7CRukshanF%40millenniumitesp.com%7C5b23f1d374944cb1698e08d8b182a47f%7C9742494393ed421f81cef245fd53a717%7C0%7C0%7C637454522607732478%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=bJl3pDCiODSXI7NgnZzxTtGafcEGz9p7E4ScBH4OmLU%3D&amp;reserved=0" target="_blank" rel="noopener">https://www.youtube.com/watch?v=Utthj_CGfP8</A> ) under Cisco Secure Firewall YouTube channel.&nbsp;And in this design, 2 CSR 1000V routers are used in addition to the 2FTDv FWs.&nbsp;</P><P>I'm not sure why the 2 CSR 1000V routers are required here ?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Cisco-Solution.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/100909i6EF9C4990B11139E/image-size/large?v=v2&amp;px=999" role="button" title="Cisco-Solution.png" alt="Cisco-Solution.png" /></span></P> Tue, 05 Jan 2021 15:16:19 GMT mcrukshanfernando 2021-01-05T15:16:19Z https://community.cisco.com/t5/network-security/ftdv-integration-with-aws-transit-gateway/m-p/4267100#M1077030 <P>Hi Team,</P><P>I'm&nbsp;looking for a Cisco recommended design for deploying &amp; integrating FTDv FW pair with AWS Transit Gateway.</P><P>&nbsp;</P><P>Design Considerations -</P><UL><LI>The 2 firewalls need to be deployed in a separate AWS VPC with 2 availability zones. And traffic failover should be automatic in case of a FTDv or an Availability Zone failure.</LI></UL><P>&nbsp;</P><P>I could find only the following design ( briefly described in <A href="https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DUtthj_CGfP8&amp;data=04%7C01%7CRukshanF%40millenniumitesp.com%7C5b23f1d374944cb1698e08d8b182a47f%7C9742494393ed421f81cef245fd53a717%7C0%7C0%7C637454522607732478%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=bJl3pDCiODSXI7NgnZzxTtGafcEGz9p7E4ScBH4OmLU%3D&amp;reserved=0" target="_blank" rel="noopener">https://www.youtube.com/watch?v=Utthj_CGfP8</A> ) under Cisco Secure Firewall YouTube channel.&nbsp;And in this design, 2 CSR 1000V routers are used in addition to the 2FTDv FWs.&nbsp;</P><P>I'm not sure why the 2 CSR 1000V routers are required here ?</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Cisco-Solution.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/100909i6EF9C4990B11139E/image-size/large?v=v2&amp;px=999" role="button" title="Cisco-Solution.png" alt="Cisco-Solution.png" /></span></P> Tue, 05 Jan 2021 15:16:19 GMT https://community.cisco.com/t5/network-security/ftdv-integration-with-aws-transit-gateway/m-p/4267100#M1077030 mcrukshanfernando 2021-01-05T15:16:19Z https://community.cisco.com/t5/network-security/ftdv-integration-with-aws-transit-gateway/m-p/5245121#M1118652 <P>Since FTD unfortunately don't support GRE termination for some reason even though Cisco invented GRE, there's no direct way to connect the FTD with Transit Gateway.<BR /><BR />I want to utilize BGP to share routing updates with Transit Gateway's routing table but stuck due to this limitation and I don't know if this is in the roadmap to allow GRE termination on FTD.</P> Thu, 09 Jan 2025 10:35:23 GMT https://community.cisco.com/t5/network-security/ftdv-integration-with-aws-transit-gateway/m-p/5245121#M1118652 vgaur 2025-01-09T10:35:23Z