Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
482
Views
1
Helpful
4
Replies

Internet Routing FTD 2120

Go to solution
Darren Thompson
Level 1
Level 1

‎08-16-2024 12:50 PM - last edited on ‎08-16-2024 04:19 PM by Community Manager

I have a FMC managing two 2120 devices.  They are connected to our SD Wand circuit.  We recently purchased a standalone internet circuit.  I am trying to see if the visitor traffic on the network can be routed through the firewall and out the standalone circuit and not go through the SD wan.  I have created a sub interface and assigned one of the interfaces to it.  The traffic from the network comes to the core and a Nat is created to route it out to the stand alone.  Does the interface need a statis IP to route the traffic out or can the interface do a layer 2 passthrough to let it out?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
ccieexpert
Spotlight
Spotlight

‎08-17-2024 12:50 AM

you can do policy routing

https://integratingit.wordpress.com/2021/04/18/ftd-policy-based-routing/

so that only the  visitor subnet will be policy routed to the new circuit.. see example

7.3 and 7.4 have added more sdwan type of capabilities for better control etc.. but plain and simple policy routing will work if you are on older versions..

View solution in original post

0 Helpful
4 Replies 4

Go to solution
ccieexpert
Spotlight
Spotlight

‎08-17-2024 12:50 AM

you can do policy routing

https://integratingit.wordpress.com/2021/04/18/ftd-policy-based-routing/

so that only the  visitor subnet will be policy routed to the new circuit.. see example

7.3 and 7.4 have added more sdwan type of capabilities for better control etc.. but plain and simple policy routing will work if you are on older versions..

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎08-17-2024 02:16 AM

To answer we need more info.

You config fw with sdwan' usually sdwan use igp with device connect to service vpn' but here you use default route in fw to forward traffic to sdwan vedge router?

That I think why you ask' to forward traffic to internet you need additional defualt route and this make two defualt route in FTD and not work.

What ypu need is using IGP between ftd and sdwan to learn prefix of all other sdwan branches then config defualt route in ftd toward internet ISP.

It sdwan issue more than FW issue 

MHM

0 Helpful

Go to solution
ccieexpert
Spotlight
Spotlight

‎08-18-2024 02:11 AM

Please dont get confused with confusing statements

if i understand SDWAN is done by a ISP router or another router/firewall that is in front of your firewall. So essentially your firewall has a default route to this SDWAN router firewall/router and that provides the load balancing / sharing for existing internet circuits ? right ?

And you are getting another internet circuit ?

If this is all true, then please follow my instructions earlier with policy routing and that should just work fine ...

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to ccieexpert

‎08-18-2024 02:51 AM - edited ‎08-18-2024 02:54 AM

please make review 
how other SDWAN know there is internet ISP connect to FW and need to forward traffic to FW ??

PBR in FTD make other SDWAN edge routers know to access internet send traffic to FW !!!!!

pbr only work if all visitor subnet direct connect to FW.

please answer this 

MHM

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card