Re: Dual ISP on single FDM

Jdogg1985 · ‎11-13-2025

Hello,

My setup is a Cisco Firepower 1120 FTD version 7.6.2.1-3 (FDM). We have 2 ISP outside interfaces. For this we'll name them ISP-A and ISP-B. So currently we have our default internet traffic as well as VPN going through ISP-A. We want to make it where default internet traffic goes through ISP-B and VPN traffic goes through ISP-A. I know PBR is something that doesn't usually work on FDM, but is FlexConfig or SmartCLI an option.

Rob Ingram · ‎11-13-2025

@Jdogg1985 as per the FDM 7.7 guide it states PBR is supported using FlexConfig https://www.cisco.com/c/en/us/td/docs/security/firepower/770/fdm/fptd-fdm-config-guide-770/fptd-fdm-routing.html

Aside from that, you could just create static routes via ISP-A for the VPN networks and the default route via ISP-B.

Jdogg1985 · ‎11-14-2025

Thank you for this. I'm not able to get to the office this week but will try next week and update this thread.

Jdogg1985 · ‎11-18-2025

Update is I've upgraded to 7.7.x. So it looks like the only things i can do is create some objects in SmartCLI (access-list, Route-map, etc.) and then put into policy in Flexconfig.

Rob Ingram · ‎11-18-2025

@Jdogg1985 and what was the outcome? are you still having problems?

I'd expect the configuration to look something like below:-

Jdogg1985 · ‎11-18-2025

Also, just to give a little more context I'm essentially trying to have it where remote workers can access the VPN/VPN networks through the firewall on ISP-A while all office traffic goes through ISP-B.