06-15-2025 01:57 AM
Is a Cisco firewall capable of microsegmentation? Can it handle east-west traffic and monitor traffic within the same VLAN?
06-15-2025 02:28 AM
@dianawinsky for east-west segmentation you would use Cisco TrustSec: https://community.cisco.com/t5/security-knowledge-base/segmentation-strategy/ta-p/3757424. The firewall (FTD or ASA) can restrict access for traffic routed between VLANs, not within the same VLAN.
06-15-2025 02:30 AM
How about monitoring the traffic within the same VLANs? Not just between VLANs.
06-15-2025 02:33 AM
@dianawinsky you can use netflow with Secure Network Analytics (Stealthwatch) to provide information on traffic flow within the VLAN. https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2024/pdf/BRKSEC-3019.pdf
06-15-2025 02:45 AM
Does this imply that a standalone firewall alone cannot provide complete functionality, and integration with additional solutions is necessary for my requirements?
06-15-2025 02:50 AM
@dianawinsky yes, you need additional solutions to provide east-west segmentation within the same VLAN.
The firewall will only see traffic routed through it (between networks/VLANs) in order to provide the segmentation.
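As an added example, not code from this thread or from Cisco: a small Python script that, given a VLAN-to-subnet map and constructed NetFlow-style records, separates the flows a routed firewall can police (inter-VLAN and external) from the same-VLAN flows that only NetFlow/Secure Network Analytics or TrustSec-style enforcement will ever see. The subnets, flow records and function names are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Constructed VLAN/subnet map (assumption: one IPv4 subnet per VLAN).
VLANS = {
    10: ipaddress.ip_network("10.1.10.0/24"),   # servers
    20: ipaddress.ip_network("10.1.20.0/24"),   # users
    30: ipaddress.ip_network("10.1.30.0/24"),   # printers
}

# Constructed NetFlow-style records: (src, dst, dst_port, bytes).
FLOWS = [
    ("10.1.20.15", "10.1.10.5", 443, 18000),    # user -> server, routed
    ("10.1.20.15", "10.1.20.22", 445, 5200),    # user -> user, same VLAN
    ("10.1.20.22", "10.1.20.31", 3389, 90000),  # user -> user, same VLAN
    ("10.1.10.5", "10.1.30.9", 9100, 300),      # server -> printer, routed
    ("10.1.20.15", "203.0.113.7", 443, 2500),   # user -> internet (not in map)
]

def vlan_of(ip):
    """Return the VLAN id whose subnet contains ip, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for vid, net in VLANS.items():
        if addr in net:
            return vid
    return None

def classify(flow):
    """Label a flow by whether a routed firewall would ever see it."""
    src, dst, _port, _nbytes = flow
    sv, dv = vlan_of(src), vlan_of(dst)
    if sv is None or dv is None:
        return "external"      # crosses the perimeter, firewall sees it
    if sv == dv:
        return "intra-vlan"    # switched at L2, never reaches a routed firewall
    return "inter-vlan"        # routed, subject to firewall policy

def visibility_report(flows):
    """Bytes per class; the intra-vlan total is the firewall's blind spot."""
    totals = Counter()
    for f in flows:
        totals[classify(f)] += f[3]
    return dict(totals)

def blind_spot_flows(flows):
    """Flows a routed firewall cannot inspect; these need NetFlow or TrustSec."""
    return [f for f in flows if classify(f) == "intra-vlan"]

if __name__ == "__main__":
    print(visibility_report(FLOWS))
    for f in blind_spot_flows(FLOWS):
        print("not visible to routed firewall:", f)
```

Feeding real NetFlow exports from the access/distribution switches into the same classification shows how much east-west volume an internal firewall placed at the routing boundary would miss.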
06-15-2025 07:03 AM
What do you mean by east-west traffic?
If you are talking about L2 traffic in the DC, then sure, the NGFW can run in transparent mode for L2 traffic.
You can add an IPS inline (I will be more sure about this point).
MHM
06-15-2025 06:32 PM
Yes, in our network we want to have an internal firewall to handle east-west traffic that is capable of monitoring/inspecting traffic within the same VLANs, aside from inter-VLAN traffic. It isn't for a DC, but in our case we have a perimeter fw, core, distribution, and access, and we will add an internal fw.