ASA 5516-X with FirePOWER services Firewall engine

marine253
Level 1

Hello Team,

I am failing to understand how the firewall engine works when ASA is combined with FTD.

Is there like a double layer of firewall? Let's say that I want to allow HTTP traffic from my LAN (192.168.1.100) towards 1.1.1.1 on the internet.

Should I allow it on ASA and on FTD?

Does ASA scan it first, then FTD?

I was working on an ASA 5516-X with FirePOWER services firewall recently and I allowed the traffic correctly, but services were not working. Then I realized that FTD was blocking the traffic.

Can someone please shed some light here?

How is NAT performed? Is it an either/or configuration? Or is NAT only performed at ASA level?

Thanks


Francesco Molino
VIP Alumni

Hi

You have ASA and the FirePOWER service module, right? Not the unified image FTD?

The traffic should be allowed on ASA for the L3 and L4 part. The NAT is done on ASA.

If you have a policy to inspect your traffic (L7 inspection) then it goes in your FirePOWER service module and you should also allow it there.

Here is a picture showing the traffic flow:

[image: traffic flow diagram]

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
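To make the two-stage flow from the answer concrete, here is an added ASA configuration sketch (not from the thread or from Cisco documentation) for the poster's scenario: the ASA ACL permits the L3/L4 flow and performs the NAT, and a service policy hands the matched traffic to the FirePOWER (sfr) module, whose own access control policy must permit it as well. Interface names, object names and the use of `fail-open` are assumptions.

```text
! --- Stage 1: ASA (L3/L4 + NAT) ---
! Source host, translated to the outside interface address (assumed names)
object network LAN-HOST
 host 192.168.1.100
 nat (inside,outside) dynamic interface

! Permit only HTTP from the LAN host to 1.1.1.1 on the inside interface
access-list INSIDE_IN extended permit tcp host 192.168.1.100 host 1.1.1.1 eq www
access-group INSIDE_IN in interface inside

! --- Hand-off to the FirePOWER module ---
! Everything that survives the ACL and NAT is redirected to the sfr module
access-list SFR-REDIRECT extended permit ip any any
class-map SFR-CLASS
 match access-list SFR-REDIRECT
policy-map global_policy
 class SFR-CLASS
  sfr fail-open
service-policy global_policy global

! --- Stage 2: FirePOWER module (L7) ---
! The module's access control policy is managed via FMC/ASDM, not the ASA CLI.
! If that policy has no rule allowing 192.168.1.100 -> 1.1.1.1 on HTTP, the
! ASA will show the packet permitted while the module drops it, which matches
! the symptom in the question.
```

Use `show service-policy sfr` on the ASA to confirm packets are being redirected to the module, and `show module sfr` to confirm the module is up. Note that `fail-open` passes traffic uninspected if the module is down; `fail-close` drops it instead, which is the stricter choice when inspection is a security control rather than a convenience.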