04-03-2018 04:38 AM - edited 02-21-2020 07:35 AM
Hi Support Community
I was wondering if someone here can answer my question. I have a customer that has a Cisco 4140 Firepower Appliance and this is doing Data Centre segmentation. Do the Firepower Appliances support sending traffic out the same Zone that it was received on, and is there a command that one must run for this?
I remember in the ASA days one had to configure the "same-security-traffic permit inter-interface" and "same-security-traffic permit intra-interface" commands in order to achieve traffic being sent between interfaces of the same security level without being controlled by an Access-List.
So, do the Firepower Appliances (not ASA with Firepower Modules) support this feature, and is it supported by default or does one need to configure it to be supported?
04-03-2018 06:28 AM
If you will be using, for argument's sake, the "inside" interface to receive traffic on (because, for instance, a default route points to it) and then send the traffic out the same inside interface destined for another subnet, that sort of makes the firewall a router, with no ACL applied. I can't see why that wouldn't work. Any reason why you wouldn't be using subinterfaces?
04-03-2018 06:58 AM
"same-security-traffic is not applicable on FTD. Traffic between FTD interfaces (inter) and hairpinning (intra) is allowed by default"
HTH
Bogdan