Solved: Replace ASA firewall with FTD design.

michael ezenogha · ‎12-21-2018

Currently, the firewall is setup with 3 interfaces (internet, inside and dmz). The DMZ and Inside using subinterfaces on a port channel to respective vrfs for dmz and inside network. Now this will be replace with FTD next year and we desire to use FTD for routed mode but also leverage the NGFW and NGIPs features together.

From my research it seems FTD has to be in TRANSPARENT mode only to use NGIPs features or Inline Sets.

Is there a way to use the routed mode and inline set without having a buy additional hardware with the existing design of 3 zones (inside, dmz and inet)?

Abheesh Kumar · ‎12-21-2018

Hi,

FTD routed mode supports Full LINA-engine and Snort-engine checks. You can configure inline set in routed mode as well.

If it is in transparent or routed mode, for IPS inspection you need to buy threat license.

Thanks,
Abheesh
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Abheesh Kumar · ‎12-21-2018

Hi,

FTD routed mode supports Full LINA-engine and Snort-engine checks. You can configure inline set in routed mode as well.

If it is in transparent or routed mode, for IPS inspection you need to buy threat license.

Thanks,
Abheesh
PS: Please don't forget to rate and select as validated answer if this answered your question