Deploying FTDv on prem vs cloud

MuathA. — Wed, 21 Jun 2023 01:58:58 GMT

Hello,

We are currently in the process of building the network infrastructure for one of our clients, and the IT management is considering deploying FTDv (Firepower Threat Defense virtual) in a public cloud, specifically on an ESXi server. I have a few questions regarding this:

1. Is it possible to deploy FTDv in the cloud to protect the LAN network on-premises?
2. If FTDv is deployed in the cloud, how would the traffic flow work? For example, if a user on-premises wants to ping 8.8.8.8, would the packet go through an IPsec tunnel to the cloud network and then be subjected to NAT from the inside to the outside interface of the FTDv?
3. Is it an ideal and common design practice to deploy FTDv in the cloud, particularly if the client lacks sufficient resources and powerful physical servers on-premises? Or should I advise them to invest in a physical server and deploy FTDv on-premises?

Thanks!

Re: Deploying FTDv on prem vs cloud

Marvin Rhoads — Wed, 21 Jun 2023 04:48:37 GMT

Firewalls installed in the cloud are almost always used to secure access to and from resources in that same cloud. While you could technically route your on-premise traffic via an IPsec tunnel to that cloud firewall and thence on to the Internet, it would not make sense for any use case I can think of. Performance would be decreased and you would pay for the traffic going into and coming out of the cloud that doesn't need to go there in the first place.

topic Re: Deploying FTDv on prem vs cloud in Network Security

Deploying FTDv on prem vs cloud

Re: Deploying FTDv on prem vs cloud