FTD Intra-Zone

ranga83
Level 1

Hi,

We have an FTD 3110 Active/Passive cluster with a requirement to group 30 network interfaces (sub-interfaces) into 3 zones, with traffic controls for both intra-zone and inter-zone traffic.

For example, intra-zone traffic would involve traffic between VLAN 10 and VLAN 100 within the "Test1_Zone."

Please refer to the diagram.

Are there any limitations on the number of interfaces that can be assigned to a single security zone?

Viduna Rangana
3 Replies

Configuration-wise there is no limitation. However, at some point you will reach a resource limitation with regard to memory, throughput and inspection (IPS). I have not found any documentation that states where or when this limitation might be reached.

--
Please remember to select a correct answer and rate helpful posts

For example, intra-zone traffic would involve traffic between VLAN 10 and VLAN 100 within the "Test1_Zone." <<- this is inter Zone, not intra Zone

Good design

For internal, you can put all internal subnets in one zone

and put the servers into a different zone; these servers are accessed from the outside zone.

MHM

ccieexpert
Spotlight

There is a sub-interface limit; you will reach that first. The sub-interface limit is per platform.

For the max to a zone, I don't see an issue, as the max is 1024 sub-interfaces + interfaces. What is the maximum you are trying to accomplish?
