Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1328
Views
0
Helpful
2
Replies

FTDv in Azure - Limited to two routed interfaces?

Lucas Phelps
Level 5
Level 5

‎03-12-2018 01:15 PM - edited ‎02-21-2020 07:30 AM

I am wanting to deploy a FTD virtual into Azure using the pre-built on the from Azure Marketplace.  I want it to be in Routed Mode and to have an Inside, Outside, a DMZ interface, and finally an interface for Management.

It sounds like the FTDv only supports routing on TWO of the 4 available interfaces?  I'm confused on this.  Does the FTDv have limitations that the hardware FTD running on my 5506-X would have?

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/azure/ftdv-azure-qsg.html

 

http://lucian.blog/2017/04/lessons-learned-from-deploying-cisco-firepower-threat-defence-firewall-virtual-appliances-in-azure-a-brain-dump/

 

From the document: 

  • The Firepower Threat Defense Virtual deploys with four interfaces.
  • The first defined interface is always the Management interface, and only the Management 0/0 and GigabitEthernet0/0 are assigned public IP addresses.
  • These NICs map to the Firepower Threat Defense Virtual interfaces Management, Diagnostic 0/0, GigabitEthernet 0/0, and GigabitEthernet 0/1 respectively.
Labels:
0 Helpful
2 Replies 2

Ajay Saini
Level 7
Level 7

‎03-12-2018 06:10 PM

Hello Lucas,

 

Looks like you are not the only one, there are many people out there who are really not happy with this limitation. We had a discussion last week with our Cisco accounts manager and they listed the 2 major limitations:

 

Out of total 4 interfaces, only 2 can be used as data interfaces.

second, FMC can not be installed on Azure, it has to be On-Prem or on AWS.

 

We are discussing the alternatives - a workaround or maybe another solution. If I have some good news, I will post it.

 

Good luck Azuring.!!

 

HTH

AJ

0 Helpful

Ajay Saini
Level 7
Level 7

‎03-12-2018 06:32 PM

Hello,

 

I was digging more and actually found this video. It talks about how we can integrate more subnets with Firepower. It uses the UDR feature and forces all the other subnets to go through the Firepower and hence be inspected. It will handle both North-South Traffic and East-West Traffic.

 

https://www.youtube.com/watch?v=UBO2yRMYPA8

 

FYI, I have not tested it but will test it out soon.

 

HTH

AJ

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card