https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/4764322#M1097281 <P>Yep, that does the trick.&nbsp; An ACP from the inside zone to the inside zone is what solves this problem.</P> Fri, 27 Jan 2023 23:06:11 GMT christopher.lambeth@gdt.com 2023-01-27T23:06:11Z https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/3529874#M132958 <HTML><HEAD></HEAD><BODY><P>Hi </P><P></P><P>I have read a statement same-security-traffic is not applicable on FTD. Traffic between FTD interfaces (inter) and hairpinning (intra) is allowed by default, so i thought multiple interface in same security zone in FTD by default allow Communication&nbsp; even if default ACL policy is Block .. but its seem like its not like that .. i am not sure what that statement mean in FTD .. </P><P></P><P>Apart from i need one more clarification -&nbsp; what configuration need to apply to Provide the communication between interface if they are Belong to same security zone , </P></BODY></HTML> Mon, 02 Apr 2018 03:38:10 GMT https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/3529874#M132958 Parveen 2018-04-02T03:38:10Z https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/3529875#M132959 <HTML><HEAD></HEAD><BODY><P>Hi Berwal, </P><P></P><P>I believe you're trying to get 2 different physical interfaces (in the same security zone) to communicate with each other.</P><P>If this is the case, then you need to create a "flexconfig" , a PBR rule among these 2 interfaces.</P><P>See if this configuration video helps: <A href="https://www.youtube.com/watch?v=lakHhw9CR5Y" title="https://www.youtube.com/watch?v=lakHhw9CR5Y">https://www.youtube.com/watch?v=lakHhw9CR5Y</A></P></BODY></HTML> Mon, 02 Apr 2018 04:18:14 GMT https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/3529875#M132959 Andre Camillo 2018-04-02T04:18:14Z https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/3529876#M132960 <HTML><HEAD></HEAD><BODY><P>Thanks Andre <SPAN style="font-size: 13.3333px;">For the Response</SPAN>, </P><P></P><P>, yes i am trying&nbsp; to <SPAN style="color: #3d3d3d; font-family: arial; font-size: 12px;">get 2 different physical interfaces (in the same security zone) to communicate with each other. in my case these 2 interface Belong to inside LAN ,&nbsp; i can achieve communication&nbsp; by creating an Access policy in which keeping source and destination zone is same ... but i still not understand the significance of crating a security Zone in FTD , i am assuming if i have put 2 interface in same zone that should communicate with each other without explicitly create a rule in ACL policy ..</SPAN></P><P><SPAN style="color: #3d3d3d; font-family: arial; font-size: 12px;"> </SPAN></P><P><SPAN style="color: #3d3d3d; font-family: arial; font-size: 12px;">and also trying to understand what that statement means " <SPAN style="color: #3d3d3d; font-family: arial; font-size: 12px;">same-security-traffic is not applicable on FTD. Traffic between FTD interfaces (inter) and hairpinning (intra) is allowed by default "</SPAN></SPAN></P><P><SPAN style="color: #3d3d3d; font-size: 12px; font-family: arial;"><BR /></SPAN></P><P><SPAN style="color: #3d3d3d; font-size: 12px; font-family: arial;">Regards</SPAN></P><P><SPAN style="color: #3d3d3d; font-size: 12px; font-family: arial;">Parveen </SPAN></P></BODY></HTML> Mon, 02 Apr 2018 04:32:51 GMT https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/3529876#M132960 Parveen 2018-04-02T04:32:51Z https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/3529877#M132961 <HTML><HEAD></HEAD><BODY><P>Hi Praveen,</P><P></P><P>FTD is inherently a zone-based firewall, and same-security-traffic cli is not required to achieve intra and inter interface communication.&nbsp; ACP rule is required to make this work, as you specify exactly what communication you want to allow within that security zone.</P><P></P><P>This is different from ASA, where interfaces in same security level and with same-security-traffic turned on will allow communication with out an ACL.</P><P></P><P>Thanks,</P><P></P><P>Goran </P></BODY></HTML> Fri, 06 Apr 2018 13:19:31 GMT https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/3529877#M132961 goransx 2018-04-06T13:19:31Z https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/4764322#M1097281 <P>Yep, that does the trick.&nbsp; An ACP from the inside zone to the inside zone is what solves this problem.</P> Fri, 27 Jan 2023 23:06:11 GMT https://community.cisco.com/t5/network-security/firepower-threat-defense-intra-zone-communication/m-p/4764322#M1097281 christopher.lambeth@gdt.com 2023-01-27T23:06:11Z