Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
730
Views
0
Helpful
2
Replies

Overlapping traffic on the FirePOWER appliance

Go to solution
Rodrigo Gurriti
Level 3
Level 3

‎06-08-2016 12:32 PM - edited ‎03-12-2019 06:02 AM

Hi everyone,

 

How should I deal with the overlapping traffic on the FirePOWER appliance?

I am inspecting 2 VLANs using virtual switches, one VLAN is my internet edge and the other VLAN is my internal servers VLAN.

Sometimes my internal servers VLAN needs to access the internet and that traffic overlaps with the inspection to my internet edge VLAN.

Is there a configuration to avoid the connections from being logged/inspected twice?

 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎06-08-2016 11:02 PM

Hi

You can create trust rule with specific zones/vlan or source/destination IP if you want specific traffic not to be inspected.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
yogdhanu
Cisco Employee
Cisco Employee

‎06-08-2016 11:02 PM

Hi

You can create trust rule with specific zones/vlan or source/destination IP if you want specific traffic not to be inspected.

0 Helpful

Go to solution
Rodrigo Gurriti
Level 3
Level 3
In response to yogdhanu

‎06-09-2016 06:07 AM

Hi,

It will work If I have multiple devices with different ACPs, but if I only have one device with one ACP it will not work. Is there anyway to do that with a single ACP?

I currently have a pair of FirePOWER appliances in High-Availability and they act as one. On this devices I inspect 2 VLANs using the virtual switch. Some traffic flows will cross both VLANs, causing the traffic to go thru the appliance twice.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card