Thanks Marvin  for your reply.

I have seen the link you provide but it's kinda dated and refers to ASA firewall.  As you probably already know FTD has SGT capabilities.

Yes the link is dated but the concepts remain the same. If there's an FTD-specific document, I haven't seen it - even in partner training.

Thanks Marvin

Oohh....gotcha Marvin!  Hmmm...so with  Firepower 4150 we can only create 4 instance max.

Okay.  Thanks Marvin

Almost correct - 4150 supports 7 instances.

FTD Multi-Instance Scale

Although if you can wait until 6.6 you might see multiple VRF support.

Sorry.  I think the number of containers for a 4150 is 7.

Could this be done with using sub-interface on one FTD instead of multiple containers?

Multi-instance, multi-VRF and separate zones are all ways to address the SDA fusion firewall needs. The last one is certainly easiest to implement and can be done via separate physical interfaces or subinterfaces.

Okay.  That response created more questions.  hahaha....

1- Can FTD do multi-VRF?  I wasn't aware of this?

2- Will zone create seperate routing tables?  Is seperate routing table a requirement for SDA fusion?  Hmm.....

Thanks again Marvin

There's no VRF support as of the current release 6.5.0.2. We might see it in 6.6.

Creating zones won't create separate routing tables.

Whether or not you need that depends in part on your VN design in SDA. In any case you need to build the inter-VN policy (if any such is required ) and VN(s)-to-rest-of-the-world policies manually in the firewall. Generally you will need some ACLs with SGTs (VN-facing) and some more traditional 5-tuple ACLs (outside world facing).

I just confirmed the above at Cisco Live Barcelona this week.