
Share one FTD between two companies in different AD forests?

Jack G
Level 1

Merged with another company. Looking to bring their servers to our data center. Will we run into issues with multiple realms since there are two different AD forests? Plan is to use additional interfaces for their own inside and outside zone to separate from the existing company. They will need remote access VPN too so not sure if we can do RAVPN on multiple outside interfaces, i.e. outside1 for company 1 and outside 2 for company 2.

 

Any insight would be appreciated! 

Accepted Solutions

@Jack G you'd run into routing issues if you had 2 outside interfaces.

You could create 2 connection profiles, 1 for each company. Each connection profile is configured to authenticate to a different AD, with a unique IP pool if you wish.

You can then use different inside interfaces for each company and configure your ACP rules to permit only the required access.

Questioning the routing as well. Both outside and outside2 would use the same block of public IPs which I’ll need to further review, but guessing the route would want to use the default route and use outside1.

@Jack G Yes that's what I was alluding to if using 2 outside interfaces.

 
