Solved: implementing private VLANs on Firepower

PiotrB · ‎06-30-2022

My department is looking for implementing private VLANs on Firepower 2000 and 4000 series.

Is this feature available or supported on FTD/FMC?

Thanks in advance for the reply.

Marvin Rhoads · ‎06-30-2022

Adding to what @Rob Ingram correctly noted, even the firewall models that support onboard switching (like the Cisco Secure Firewall 1010) do not support private VLANs.

PVLAN is mostly a technology that has been abandoned in favor of other segmentation or microsegmentation techniques. I have seen them in use in production once in over 30 years of experience working with hundreds of customer networks.

View solution in original post

Rob Ingram · ‎06-30-2022

@PiotrB Private VLANs are a function of switches, not the firewalls.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-3/configuration_guide/vlan/b_173_vlan_9300_cg/configuring_private_vlans.html

You can segment networks (VLANs) behind the Firewall, but filtering traffic within the VLAN would not be routed via the Firewall.

Marvin Rhoads · ‎06-30-2022

Adding to what @Rob Ingram correctly noted, even the firewall models that support onboard switching (like the Cisco Secure Firewall 1010) do not support private VLANs.

PVLAN is mostly a technology that has been abandoned in favor of other segmentation or microsegmentation techniques. I have seen them in use in production once in over 30 years of experience working with hundreds of customer networks.

Wan_Whisperer · ‎11-10-2024

Marvin,

Can you go into a little more detail on the "segmentation or microsegmentation techniques" ?

VR