Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
805
Views
5
Helpful
2
Replies

Firepower VLAN Routing

walkers33752
Level 1
Level 1

‎09-28-2022 11:17 AM

I have a network with multiple VLANS.

We recently got a FP1120 which has a connection out to the internet. This device is on VLAN 22. Internet access (and ICMP replies) work from any device on VLAN 22.

Internet access (and ICMP replies from FP) do not work on any other VLAN. Access control is set to any ipv4 right now for testing purposes.

hosts on VLAN 21 can ping and access every other host on VLAN 22.

0 Helpful
2 Replies 2

Rob Ingram
VIP
VIP

‎09-28-2022 11:29 AM

@walkers33752

I assume you've got a core switch with the VLANs defined? Have you configured a default route on the switch to route to the Firewall's inside interface IP address?

On the Firewall define a static route for the VLAN 21 network via next hop of the switch  IP address (VLAN 22)

Create a Auto NAT rule configured on the Firewall to translate the VLAN 21 network behind the outside interface IP address.

Create a rule in the Access Control Policy to permit traffic from the VLAN 21 network to the internet

 

Aref Alsouqi
VIP
VIP

‎09-29-2022 01:43 AM

If the endpoints on the other VLANs do not get any reply back from the FTD interface(s) then it would suggest there is some connectivity issues between the endpoints and the FTD. As @Rob Ingram suggested, I would check the routing between the firewall and the core switch. If there is no routing on the core switch, I would suggest the ACP rules to make sure this traffic is allowed.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card