cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2852
Views
0
Helpful
3
Replies

cisco FTD in one arm mode

O.Zang
Level 1
Level 1

Hello Team

 

Is it possible to deploy  cisco FTD in one arm mode.

Can you please help with that ?

 

Regards

Ing OZ

3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

FTD in one-arm mode, you want only 1 interface (subinterface)  zone?  - what is the reason, due to port availability?

 

At the high level, you can do sub interface in the different zone - switch configured as a trunk with different VLAN.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Technically speaking you can, however, it would not be recommended, and it would add complexity to your design. I have seen it once (or maybe twice) with an ASA device where it was behind an edge firewall, and it was only used to terminate AnyConnect VPN connections. Post VPN connections, all the traffic from the ASA was routed back to the edge firewall that was doing all the routing and security policies. Is that something similar to what you would like to do?

ggalteroo
Level 1
Level 1

Hello everyone,

 I've thought of this too. In the context of doing PBR to divert traffic towards the FW for analysis, it would make sense to have just one interface to/from the distribution switch without worrying about routing entries. I'm not sure if this has a performance penalty or known limitations for features other than FW/IPS.

Thank you,

GG

Review Cisco Networking for a $25 gift card