Hello @abdulkarim041,
Yes, you can use them simultaneously. Cisco NGIPS/FTD is a unified software image that consists of 2 main engines:
- LINA engine
- Snort engine
The High-level packet flow is as follow:
- A packet enters the ingress interface and it is handled by the LINA engine
- If it is required by the FTD policy the packet is inspected by the Snort engine
- The Snort engine returns a verdict for the packet
- The LINA engine drops or forwards the packet based on Snort’s verdict
As FTD/NGIPS is a combination of ASA and Firepower engines in the backend, FTD/NGIPS provides two Deployment modes and six Interface modes as below:
- Two deployment modes:
- Routed (Device Modes inherited from ASA)
- Transparent (Device Modes inherited from ASA)
- Six Interface Modes:
- Routed (Interface Modes inherited from ASA)
- Switched (BVI) (Interface Modes inherited from ASA)
- Passive (Interface Modes inherited from Firepower)
- Passive (ERSPAN) (Interface Modes inherited from Firepower)
- Inline Pair (Interface Modes inherited from Firepower)
- Inline Pair with tap (Interface Modes inherited from Firepower)
Here is a high-level overview of the various FTD deployment and interface modes:
FTD interface mode FTD Deployment mode
Routed Routed
Switched Transparent
Inline Pair Routed or Transparent
Inline Pair with Tap Routed or Transparent
Passive Routed or Transparent
Passive (ERSPAN) Routed
In Short:
- When you configure an Inline Pair 2 Physical interfaces are internally bridged
- Very similar to classic inline Intrusion Prevention System (IPS)
- Available in Routed or Transparent Deployment modes
- Most of the LINA engine features (NAT, Routing, etc) are not available for flows that go through an Inline Pair Transit traffic can be dropped
*** If you found this as a piece of useful information, please remember to mark this as helpful...
Spooster IT Services Team
