07-20-2021 05:41 AM
Hi, we currently have a 3rd-party firewall for Internet access, in a simplified view like below, with transit VLANs spread across 2 sites; as such, traffic can leave via either site, but with a preference for the local one. Outbound traffic NATs to the outside interface of each firewall.
Inbound traffic comes via a supplied small block of IP addresses like the one below, 84.3.2.192/28 (example IP). These are advertised to the ISP using BGP, with each firewall having a lower preference for the other half of the block in case of failure; this is then NATted to internal services.
As BGP will only advertise routes that are in the routing table, we currently have two loopback addresses to do this, all of which works nicely.
Now, I know that the Firepower does not support loopback addresses, but from memory (long ago) on an ASA I seem to remember simply applying the NAT from public to private address, and as long as the private address was up this was good enough to bring up the route (not tested with BGP though at the time). But this does not seem to be the case with the Firepower FTDs, unless I am missing something or there is another way to accomplish this.
Because the existing environment is live, we are trying to match the existing environment, then during a short outage window shut the ports on the old firewall and enable them on the new one.
Any ideas/links/help?
07-21-2021 05:13 AM
Following up to let other people know, as I have seen similar issues from other people: I have found the resolution.
To get a route into the routing table of the local device, to then be advertised by BGP, you can configure a static Null route and then add the network object.
You would think that this would just blackhole the inbound data, but this is where the magic occurs: any NAT to the private address occurs before this routing decision.
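As an added illustration of the resolution above (not the poster's configuration), this is what the pieces look like in ASA-style CLI, which is the form FTD shows in its running configuration; on FTD the same objects are created through FMC (Static Route with interface Null0, a BGP network entry, and a static NAT rule). The example IP block 84.3.2.192/28 is from the post; the AS numbers, neighbor address, interface names and internal host are assumed placeholders.

```text
! Null route puts the public block into the RIB so BGP has something to advertise.
! Inbound packets to a NATted address are untranslated before this lookup, so they
! reach the inside host; only addresses with no NAT mapping are dropped.
route Null0 84.3.2.192 255.255.255.240 1

! Static NAT for one internal service: outside 84.3.2.194 <-> inside 10.10.10.5 (assumed host)
object network WEB_SERVER
 host 10.10.10.5
 nat (inside,outside) static 84.3.2.194

! Advertise the block to the ISP (AS numbers and peer address are placeholders)
router bgp 65000
 address-family ipv4 unicast
  network 84.3.2.192 mask 255.255.255.240
  neighbor 203.0.113.1 remote-as 65001
  neighbor 203.0.113.1 activate
```

Verify on the device with `show route` (expect the /28 via Null0) and `show bgp` (expect it marked as a valid, best, locally originated path) before the cutover window.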