Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
147
Views
0
Helpful
0
Replies

Firepower 1120 transparent mode interface best practises?

Network Diver
Level 1
Level 1

‎02-13-2025 02:11 AM - edited ‎02-13-2025 02:13 AM

Hi,

We have a pair of Firepower 1120 running FTD in transparent mode and active/standby HA. They should do IPS and threat protection for internet links with two separate ISP connections and different IP ranges and routing. 

Separate bridge groups for each ISP.

ftd-transparent-2isp.jpg

Uplink switches are 2 x Nexus C9348GC switches with vPC.

ftd-nexus-uplink.jpg

What's the best practise for interface assignments in such a setup for throughput and failover resiliency? The FTD admin guide is not very clear about this and the Youtube tutorials were all with virtual FTDs.

  • Combined: 4 x 1 Gb/s port-channel with VLAN subinterfaces for both ISPs inside and outside 
  • Separated: 2 x 1 Gb/s port-channel for ISPs inside and another 2 x 1 Gb/s for outside, both with VLAN subinterfaces
  • No port-channel and no VLAN subinterfaces at all, hardwired 1:1 connections
  • It doesn't matter

Thanks in advance,

Bernd

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card