I have read a statement same-security-traffic is not applicable on FTD. Traffic between FTD interfaces (inter) and hairpinning (intra) is allowed by default, so i thought multiple interface in same security zone in FTD by default allow Communication even if default ACL policy is Block .. but its seem like its not like that .. i am not sure what that statement mean in FTD ..
Apart from i need one more clarification - what configuration need to apply to Provide the communication between interface if they are Belong to same security zone ,
I believe you're trying to get 2 different physical interfaces (in the same security zone) to communicate with each other.
If this is the case, then you need to create a "flexconfig" , a PBR rule among these 2 interfaces.
See if this configuration video helps: https://www.youtube.com/watch?v=lakHhw9CR5Y
Thanks Andre For the Response,
, yes i am trying to get 2 different physical interfaces (in the same security zone) to communicate with each other. in my case these 2 interface Belong to inside LAN , i can achieve communication by creating an Access policy in which keeping source and destination zone is same ... but i still not understand the significance of crating a security Zone in FTD , i am assuming if i have put 2 interface in same zone that should communicate with each other without explicitly create a rule in ACL policy ..
and also trying to understand what that statement means " same-security-traffic is not applicable on FTD. Traffic between FTD interfaces (inter) and hairpinning (intra) is allowed by default "
FTD is inherently a zone-based firewall, and same-security-traffic cli is not required to achieve intra and inter interface communication. ACP rule is required to make this work, as you specify exactly what communication you want to allow within that security zone.
This is different from ASA, where interfaces in same security level and with same-security-traffic turned on will allow communication with out an ACL.