Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
1
Replies

Create an INLINE-SET on an FTD

Ricky Sandhu
Level 3
Level 3

‎02-03-2022 02:05 PM

Hi all,  I am trying to create an Inline set on my FTD appliance and have some confusion.  I have included a basic diagram of my setup that I am trying to do.  I have a multi-layer switch (Switch1), Router1 and Router2.  The switch and the routers form an EIGRP neighborship on VLAN123 where switch IP address 172.18.123.250 and the routers .2 and .3 all become neighbors.  This part is working fine.  The routers are my primary and backup DMVPN routers that remote branch offices connect to.  I want to introduce an FTD appliance so I can start applying Snort rules on the traffic entering my data center from remote offices.  I decided to go with the inline-set option to minimize the amount of work (and downtime) needed.  If I was to create the inline-set using both ports GE0/1 and GE0/2 on the FTD, can I still continue to have the routers and the switch form the EIGRP relationships provided I allow this traffic (multicast) inside the ACP?  

Preview file
26 KB
0 Helpful
1 Reply 1

Marius Gunnerud
VIP
VIP

‎02-04-2022 01:54 AM

Yes, you can form EIGRP neighbors through the firewall but the firewall would need to be transparent so that the routers are connected to the same subnet.  Also, if you are applying access control rules, you would need to allow the EIGRP protocol and multicast traffic between the routers.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card