Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2835
Views
0
Helpful
3
Replies

cisco FTD in one arm mode

O.Zang
Level 1
Level 1

‎11-15-2020 10:48 AM

Hello Team

 

Is it possible to deploy  cisco FTD in one arm mode.

Can you please help with that ?

 

Regards

Ing OZ

1 person had this problem
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎11-15-2020 10:58 AM

FTD in one-arm mode, you want only 1 interface (subinterface)  zone?  - what is the reason, due to port availability?

 

At the high level, you can do sub interface in the different zone - switch configured as a trunk with different VLAN.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Aref Alsouqi
VIP
VIP

‎11-15-2020 10:36 PM

Technically speaking you can, however, it would not be recommended, and it would add complexity to your design. I have seen it once (or maybe twice) with an ASA device where it was behind an edge firewall, and it was only used to terminate AnyConnect VPN connections. Post VPN connections, all the traffic from the ASA was routed back to the edge firewall that was doing all the routing and security policies. Is that something similar to what you would like to do?

0 Helpful

ggalteroo
Level 1
Level 1

‎12-29-2023 06:09 AM

Hello everyone,

 I've thought of this too. In the context of doing PBR to divert traffic towards the FW for analysis, it would make sense to have just one interface to/from the distribution switch without worrying about routing entries. I'm not sure if this has a performance penalty or known limitations for features other than FW/IPS.

Thank you,

GG

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card