Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
4438
Views
0
Helpful
4
Replies

FTD Interfaces

Go to solution
benolyndav
Level 4
Level 4

ā€Ž05-22-2021 12:23 AM

Hi

We ahve FTD2100 and have different security zones what is the purpose of interface groups  and are they needed, i just created x2 new sub-interfaces and security zones but havent created interface groups there are other interfaces with groups, is this ok can it cause an issue down the line not having interface groups for these new interfaces/security zones ?

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sheraz.Salim
VIP
VIP

ā€Ž05-22-2021 01:45 AM

 

 

 

Interfacegroup.PNG

There are two types of interface objects: security zones and interface groups. The key difference is that interface groups can overlap. Only security zones can be used in access control policy rules.

please do not forget to rate.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Sheraz.Salim
VIP
VIP

ā€Ž05-22-2021 01:45 AM

 

 

 

Interfacegroup.PNG

There are two types of interface objects: security zones and interface groups. The key difference is that interface groups can overlap. Only security zones can be used in access control policy rules.

please do not forget to rate.
0 Helpful

Go to solution
Carlos T
Level 1
Level 1

ā€Ž07-12-2023 04:52 AM

So it still works, even if you dont have interface group attached to the new interfaces.

My setup is similar to your scenario. I have a production firewall with many interfaces and security groups (one for each interface/subinterface).

I am creating a new subinterface, and also a new security group for that new subinterface, but I see on the interface output (devices / interfaces) that the new created subinterface has NO interface group attached.

The attachment of interface group to a interface I done on "objects / Object Management / Interfaces", then "Add Interface Group" 

 

I put a Name, Select interface type as "routed" (as the other interfaces already configured), then on the list of available interfaces, I select the new interface created.

 

Then save and deploy.

 

But even following that procedure, I still dont see the Interface group attached to the Interface on the "Devices / Interfaces" output.

 

Any reason why?

 

Thanks,

CT

 

0 Helpful

Go to solution
benolyndav
Level 4
Level 4
In response to Carlos T

ā€Ž07-12-2023 06:30 AM

Hi

Have you got the Interfaces selested in the selected interfaces tab in interface group and Interface in objects, also have you got all your firewalls selected.??

0 Helpful

Go to solution
Carlos T
Level 1
Level 1
In response to benolyndav

ā€Ž07-12-2023 06:37 AM

Thanks for the reply.

 

I just went to lunch, and when I come back, I see now the interface with the interface group attached to it on thje "Devices / Device Management / Interfaces" output.

Looks like it took a while to show it, as 45 mins ago (of course after deployed) this output was not showing the interface group attached.

Thanks for your reply!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card