topic Inline FTD device not passing traffic in Network Security

Inline FTD device not passing traffic

sonic8or — Thu, 12 Aug 2021 12:12:37 GMT

If have an FTD device set with inline on ports ge0/0 and ge0/1, but it's not passing traffic. I can see in the logs that traffic is being allowed, but there's no internet access. I've verified the physical connections are correct, the rules are set to allow everything and the internet works when the FTD isn't in the configuration. There's no NAT rules as it's an inline pair.

Is there a setting I might be missing that needs to be configured?

Re: Inline FTD device not passing traffic

Chakshu Piplani — Fri, 13 Aug 2021 18:21:53 GMT

Kindly go through this document : https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html

You can try tap mode to isolate this issue by bypassing snort and t-shoot further.

Regards,

Chakshu

Do rate helpful posts!

Re: Inline FTD device not passing traffic

sonic8or — Fri, 13 Aug 2021 22:53:46 GMT

I've gone through that entire document and still end up with the same results of no traffic. I can't ping the gateway. This is virtual with VMware on a Cisco ucs server. I've enable promiscuous mode on VMware as well. Still no traffic flowing through. It seems as if the interfaces are only working individually and not sending traffic between them. They aren't segmented via vlans, either.

Re: Inline FTD device not passing traffic

sonic8or — Fri, 13 Aug 2021 23:50:17 GMT

Solved it. For anyone else having the same problem:

Promiscuous mode, forged transmits and allow mac changes all need to be enabled on corresponding ports in the VMware settings.