https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4986857#M1107369 <P>Hello everyone,</P> <P>&nbsp;I've thought of this too. In the context of doing PBR to divert traffic towards the FW for analysis, it would make sense to have just one interface to/from the distribution switch without worrying about routing entries. I'm not sure if this has a performance penalty or known limitations for features other than FW/IPS.</P> <P>Thank you,</P> <P>GG</P> Fri, 29 Dec 2023 14:09:57 GMT ggalteroo 2023-12-29T14:09:57Z https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4184167#M1075787 <P>Hello Team</P><P>&nbsp;</P><P>Is it possible to deploy&nbsp; cisco FTD in one arm mode.</P><P>Can you please help with that ?</P><P>&nbsp;</P><P>Regards</P><P>Ing OZ</P> Sun, 15 Nov 2020 18:48:23 GMT https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4184167#M1075787 O.Zang 2020-11-15T18:48:23Z https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4184169#M1075788 <P>FTD in one-arm mode, you want only 1 interface (subinterface)&nbsp; zone?&nbsp; - what is the reason, due to port availability?</P> <P>&nbsp;</P> <P>At the high level, you can do sub interface in the different zone - switch configured as a trunk with different VLAN.</P> <P>&nbsp;</P> Sun, 15 Nov 2020 18:58:34 GMT https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4184169#M1075788 balaji.bandi 2020-11-15T18:58:34Z https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4184264#M1075799 <P>Technically speaking you can, however, it would not be recommended, and it would add complexity to your design. I have seen it once (or maybe twice) with an ASA device where it was behind an edge firewall, and it was only used to terminate AnyConnect VPN connections. Post VPN connections, all the traffic from the ASA was routed back to the edge firewall that was doing all the routing and security policies. Is that something similar to what you would like to do?</P> Mon, 16 Nov 2020 06:36:19 GMT https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4184264#M1075799 Aref Alsouqi 2020-11-16T06:36:19Z https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4986857#M1107369 <P>Hello everyone,</P> <P>&nbsp;I've thought of this too. In the context of doing PBR to divert traffic towards the FW for analysis, it would make sense to have just one interface to/from the distribution switch without worrying about routing entries. I'm not sure if this has a performance penalty or known limitations for features other than FW/IPS.</P> <P>Thank you,</P> <P>GG</P> Fri, 29 Dec 2023 14:09:57 GMT https://community.cisco.com/t5/network-security/cisco-ftd-in-one-arm-mode/m-p/4986857#M1107369 ggalteroo 2023-12-29T14:09:57Z