Solved: Firepower 9300 (FTD image) supports MPLS pass through

Sumanta Ghosh · ‎07-13-2017

Hi Experts

Does the FPR 9300 running FTD image 6.x pass MPLS traffic in routed mode? In case we have two different ASs, peering on MP-eBGP with inter-AS option B and a FPR device in between, will the FPR allow labelled eBGP to come up and exchange traffic? Will state-ful packet inspection work in this case, along with IPS policies?

Regards,

Sumanta.

Marvin Rhoads · ‎07-13-2017

I don't know for sure. You would probably have to open a TAC case to verify (or ask your reseller to open a Partner Help case if this is pre-sales).

I would expect it to require the same modification to the underlying LINA code just like an ASA firewall configuration requires. i.e., like what is described here:

https://supportforums.cisco.com/document/95341/quick-reference-bgp-pass-through

We do things like that in an FTD device currently using Flexconfigs.

http://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/flexconfig_policies.html#reference_ztv_qvw_yx

While the specific command is not blacklisted, I have heard some collegues report that not all of the "connection" settings are configurable in FTD.

View solution in original post

Marvin Rhoads · ‎07-13-2017