Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
334
Views
0
Helpful
3
Replies

FTD Intra-ZOne

ranga83
Level 1
Level 1

‎08-26-2024 12:50 AM

Hi,

We have an FTD 3110 Active/Passive cluster with a requirement to group 30 network interfaces (sub-interfaces) into 3 zones, with traffic controls for both intra-zone and inter-zone traffic.

For example, intra-zone traffic would involve traffic between VLAN 10 and VLAN 100 within the "Test1_Zone."

Please refer diagram

Are there any limitations on the number of interfaces that can be assigned to a single security  zone?

 

 

Viduna Rangana
Preview file
52 KB
0 Helpful
3 Replies 3

Marius Gunnerud
VIP
VIP

‎08-26-2024 03:46 AM

Configuration wise there is no limitation.  However, at some point you will reach a resource limitation with regard to memory, Throughput and Inspection (IPS).  I have not found any documentation that states where or when this limitation might be reached.

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

MHM Cisco World
VIP
VIP

‎08-26-2024 04:57 AM - edited ‎08-26-2024 10:01 AM

For example, intra-zone traffic would involve traffic between VLAN 10 and VLAN 100 within the "Test1_Zone." <<- this inter Zone  not intra Zone 

Good design

for internal you can put all internal subnet in one Zone

and put the Server into different zone, these server is access from outside zone 

MHM

 

0 Helpful

ccieexpert
Spotlight
Spotlight

‎08-26-2024 09:58 AM

there is a sub-interface limit, you will reach that first.. the sub interface limit is per platform.

The max to a zone I dont see an issue as max is 1024 sub interfaces + interfaaces.. What is the maximum you are trying to accomplish ?

ccieexpert_0-1724691401322.png

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card