Solved: Cisco FMC FTD passive and active modes

mohammadaburob · ‎07-10-2020

Hello Community.

we are thinking of providing differed managed services to our clients using existing FTD and manage them through our FMC cluster.

now we need to confirm if we can run the FTD that is already in inline mode with passive functionality such as passive detection engine to offer the IDS feature. so can we mix the two modes?

oalkhatib · ‎07-10-2020

Hello Mohammad, yes actually both modes can be mixed as per the below link: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-use-cases.html#task_B9870E6741394745B05165E6BB008F23 quoted from the above link: "Although you would normally use passive mode for demonstration or testing purposes only, you can also use passive mode in a production environment if it provides a service that you need, such as IDS (intrusion detection system, without prevention). You can mix passive interfaces with active firewall routed interfaces to provide the exact combination of services required by your organization. " i hope this clarifies your question

View solution in original post

oalkhatib · ‎07-10-2020

Hello Mohammad, yes actually both modes can be mixed as per the below link: https://www.cisco.com/c/en/us/td/docs/security/firepower/630/fdm/fptd-fdm-config-guide-630/fptd-fdm-use-cases.html#task_B9870E6741394745B05165E6BB008F23 quoted from the above link: "Although you would normally use passive mode for demonstration or testing purposes only, you can also use passive mode in a production environment if it provides a service that you need, such as IDS (intrusion detection system, without prevention). You can mix passive interfaces with active firewall routed interfaces to provide the exact combination of services required by your organization. " i hope this clarifies your question

mohammadaburob · ‎07-10-2020

thanks!