https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505210#M235704 <P>Each port runs different VLANs in the switch where they are connected, you should not see this issue?</P> <P>&nbsp;</P> <P>how is your switch configured?</P> <P>&nbsp;</P> <P>Try to access from Guest user to Inside, check the Logs in firepower is this reaching firepower or switch doing any routing here?</P> <P>&nbsp;</P> Thu, 18 Nov 2021 19:56:05 GMT balaji.bandi 2021-11-18T19:56:05Z https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505204#M235703 <P>Hello Engineers,</P><P>&nbsp;</P><P>Today I found there is critical security issue on our Firepower. (2110 series)</P><P>On our Firepower, there are 3 interface ports, Outside/Inside/Guest.</P><P>&nbsp;</P><P>Those IP ranges has different, and Inside/Guest has private IP ranges.</P><P>Guest interface is for wireless Guest users.</P><P>Normally Guest users are not able to access Inside IP blocks, can't communicate with each other.</P><P>&nbsp;</P><P>My case, Guest IP range can communicate with Inside!!!!!!!!!</P><P>&nbsp;</P><P>&nbsp;</P><P>&lt;Firepower --- Core switch --- Wireless Controller&gt;</P><P>&nbsp;</P><P>-There is no route for guest interface and Guest zone in Firepower.</P><P>-There is no route for Guest IP range in Core switch.</P><P>&nbsp;</P><P>I don't know where should I check... Please help, it is urgent to me..</P><P>How can different interface port can communicate without routing??</P><P>&nbsp;</P><P>I really appreciate your comments.</P><P>&nbsp;</P> Thu, 18 Nov 2021 19:46:01 GMT https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505204#M235703 eeebbunee 2021-11-18T19:46:01Z https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505210#M235704 <P>Each port runs different VLANs in the switch where they are connected, you should not see this issue?</P> <P>&nbsp;</P> <P>how is your switch configured?</P> <P>&nbsp;</P> <P>Try to access from Guest user to Inside, check the Logs in firepower is this reaching firepower or switch doing any routing here?</P> <P>&nbsp;</P> Thu, 18 Nov 2021 19:56:05 GMT https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505210#M235704 balaji.bandi 2021-11-18T19:56:05Z https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505626#M235732 <P>Hello.</P><P>Can you share screen from your Firepower 2110? How it is managed - via FMC or FDM?</P><P>Are you sure, that cause of this problem inside Firepower? Maybe you need to implement ACL inside your core-switch or any L3 device.</P> Fri, 19 Nov 2021 14:59:10 GMT https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505626#M235732 kapydan88 2021-11-19T14:59:10Z https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505795#M235736 <P>Hello Balaji,</P><P>&nbsp;</P><P>Yes, Guest and inside port from FTD are connected to Core switch with different vlan.</P><P>WLC1/1-1/4 ports (Trunk)==== Core switch po1 LAG</P><P>&nbsp;* WLC guest-interface VLAN300, ip address 192.168.0.2 / 255.255.255.0 / 192.168.0.1</P><P>Core switch inside ==== FTD Ethernet1/2&nbsp;</P><P>Core switch Guest(VLAN300, no int vlan 300 ip address) ==== FTD Ethernet 1/3 (192.168.0.1)</P><P>&nbsp;</P><P>FTD DHCP Server enabled for Guest Network (192.168.0.3-192.168.0.200)</P><P>&nbsp;</P><P>When I connect Guest wireless, I get IP from FTD and connect internet.</P><P>&nbsp;</P><P>We have other site office, same configurations (almost similar) (FTD,Core switch, WLC). There, without no access-list (deny) rule in Core switch, guest network is not able to communicate with inside networks.</P><P>&nbsp;</P><P>Do you think that's because of Core switch or WLC? (not FTD)?</P> Mon, 22 Nov 2021 17:23:41 GMT https://community.cisco.com/t5/wireless/firepower-networking-issue-between-interface-port/m-p/4505795#M235736 eeebbunee 2021-11-22T17:23:41Z