Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
181
Views
0
Helpful
1
Replies

FTD with Inline-Set

fatalXerror
Level 5
Level 5

‎07-04-2024 07:39 AM

Hi guys,

I have 2 units of FTD that will be in transparent mode and I plan to configure it with inline-sets for the IPS and I plan to set it up in active-standby FTD.

My question are:

1. Will there still be a stateful failover in transparent FTD with inline-set interfaces? 

2. Can I form an OSPF neighbor with my router if my FTD in transparent mode with Inline-Set interfaces is in between the routers?

Thanks

0 Helpful
1 Reply 1

tvotna
Spotlight
Spotlight

‎07-04-2024 01:23 PM

Transparent mode and inline-set interfaces are different animals. You don't need inline-set interfaces if you want to pass OSPF through. Use transparent mode and regular interfaces instead. I believe that stateful HA doesn't replicate connections created on inline-set interfaces, because those connections are tcp-state-bypass connections from Lina point of view. But upon failover Snort should be able to pickup flows midstream and traffic should not be interrupted. This document explains inline-set interfaces very well:

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200924-configuring-firepower-threat-defense-int.html

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card