I have read a statement that same-security-traffic is not applicable on FTD: traffic between FTD interfaces (inter) and hairpinning (intra) is allowed by default. So I thought that multiple interfaces in the same security zone in FTD would by default allow communication even if the default ACL policy is Block, but it seems like that is not the case. I am not sure what that statement means in FTD.
Apart from that, I need one more clarification: what configuration needs to be applied to provide communication between interfaces if they belong to the same security zone?
Yes, I am trying to get 2 different physical interfaces (in the same security zone) to communicate with each other. In my case these 2 interfaces belong to the inside LAN. I can achieve communication by creating an access policy in which the source and destination zone are the same, but I still do not understand the significance of creating a security zone in FTD. I am assuming that if I have put 2 interfaces in the same zone, they should communicate with each other without explicitly creating a rule in the ACL policy.
I am also trying to understand what this statement means: "same-security-traffic is not applicable on FTD. Traffic between FTD interfaces (inter) and hairpinning (intra) is allowed by default".
FTD is inherently a zone-based firewall, and the same-security-traffic CLI command is not required to achieve intra- and inter-interface communication. An ACP rule is required to make this work, as you specify exactly what communication you want to allow within that security zone.
This is different from ASA, where interfaces in the same security level and with same-security-traffic turned on will allow communication without an ACL.
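Added example, not from this thread and not Cisco code: a small Python model of the two decision procedures the answer above contrasts, using made-up interface and zone names. The FTD side returns the policy's default action unless an ACP rule matches the ingress/egress zone pair; the ASA side keys on security levels and the same-security-traffic inter/intra flags.

```python
# Toy model of how FTD (zone-based access control) and ASA (security
# levels plus same-security-traffic) decide whether two interfaces may talk.
# Constructed example, not Cisco code; interface and zone names are made up.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Interface:
    name: str
    zone: str            # FTD security zone the interface is assigned to
    security_level: int  # ASA security-level (0-100)


@dataclass(frozen=True)
class AcpRule:
    src_zones: frozenset
    dst_zones: frozenset
    action: str          # "allow" or "block"


@dataclass
class FtdAccessControlPolicy:
    rules: list = field(default_factory=list)
    default_action: str = "block"

    def evaluate(self, ingress: Interface, egress: Interface) -> str:
        # First matching rule wins. Zone membership alone grants nothing:
        # with no matching rule the policy's default action applies.
        for rule in self.rules:
            if ingress.zone in rule.src_zones and egress.zone in rule.dst_zones:
                return rule.action
        return self.default_action


def asa_permits(ingress, egress, inter=False, intra=False):
    # ASA with no interface ACL: higher-to-lower level is allowed, equal
    # levels need 'same-security-traffic permit inter-interface', and
    # hairpinning on one interface needs '... permit intra-interface'.
    if ingress.name == egress.name:
        return intra
    if ingress.security_level > egress.security_level:
        return True
    return inter if ingress.security_level == egress.security_level else False


LAN_A = Interface("GigabitEthernet0/1", "inside", 100)  # made-up names
LAN_B = Interface("GigabitEthernet0/2", "inside", 100)
INSIDE_TO_INSIDE = AcpRule(frozenset({"inside"}), frozenset({"inside"}), "allow")
```

With an empty rule list the FTD model blocks LAN_A to LAN_B even though both sit in the same zone; adding INSIDE_TO_INSIDE is what allows it, which is the ACP rule the answer refers to.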