usman.works1985
Beginner

Firepower 4110 intra-interface traffic

Hello Everyone,

I have a scenario, where I have to manage the east-west traffic and I have only one inside interface for LAN. So is this possible the traffic enters and exits the same interface in FTD? if yes, then how can I achieve this.

thanks.....

4 REPLIES
Mohammed al Baqari
VIP Advisor

Hi,

This is doable in FTD. By default, intra-interface traffic is allowed. Just make sure to avoid ICMP redirects, which can bypass FTD. I suggest creating two sub-interfaces on the same physical interface to ensure that traffic enters and exits FTD.

***** please remember to rate useful posts
usman.works1985
Beginner

Hi Mohammed,

Thanks for your response. In my scenario the firewall is not the gateway, but it is still passing all the traffic... In that case I cannot have two or more sub-interfaces instead of one physical interface... would it still be applicable?

If it isn't the gateway and only has a single interface how is it passing all the traffic?

If it is set as the routing next hop by the gateway it can work. Traffic can go in and come out of the same interface (physical and logical). Of course you will need policies set to inspect, log etc.

It's a bit of an odd configuration that way and normally we would recommend separate interfaces for various reasons.

Hi Marvin, 

So to answer your question, my FTD is connected to the ACI fabric and the fabric is acting as the gateway for all the services... also, the fabric will redirect the traffic toward the FTD with the help of PBR, and the FTD will inspect it and send it back out the same interface...