Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1581
Views
5
Helpful
4
Replies

Firepower 4110 intra-interface traffic

usman.works1985
Level 1
Level 1

‎09-21-2021 04:12 AM

Hello Everyone,

I have a scenario, where I have to manage the east-west traffic and I have only one inside interface for LAN. So is this possible the traffic enters and exits the same interface in FTD? if yes, then how can I achieve this.

thanks.....

0 Helpful
4 Replies 4

Mohammed al Baqari
Level 11
Level 11

‎09-21-2021 05:44 AM

Hi,

This is doable in FTD. By default intra-interface traffic is allowed by
default. Just make sure to avoid ICMP redirects which can bypass FTD. I
suggest creating two sub-interfaces on the same physical interface to
ensure that traffic enters and exits FTD.

***** please remember to rate useful posts

usman.works1985
Level 1
Level 1

‎09-22-2021 07:40 AM

Hi Mohommed,

Thanks for your response. In my scenario the Firewall is not the Gateway, but still it is passing all the traffic... In that case I cannot have two or multiple sub-interfaces instead one physical interface... would it still be applicable?

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to usman.works1985

‎09-22-2021 09:26 AM

If it isn't the gateway and only has a single interface how is it passing all the traffic?

If it is set as the routing next hop by the gateway it can work. Traffic can go in and come out of the same interface (physical and logical). Of course you will need policies set to inspect, log etc.

It's a bit of an odd configuration that way and normally we would recommend separate interfaces for various reasons.

0 Helpful

usman.works1985
Level 1
Level 1
In response to Marvin Rhoads

‎09-22-2021 10:20 AM

Hi Marvin, 

So to answer your question my FTD is connected with ACI fabric and the FABRIC is acting as a gateway for all the services... also the the fabric will redirect the traffic toward FTD with the help of PBR and FTD will inspect and send the back from the same interface... 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card