07-25-2022 11:11 PM
Dear Experts,
I am kindly seeking your advice. I have a running SonicWALL firewall with three ISP WAN connections from the same ISP,
and the migration process is going on from SonicWALL to FMC 7.0/1200 FTD.
How do I configure the 3 WANs in FMC/FTD? 2 WAN public IPs have 443 open for some web tier apps.
Kindly help me get a successful configuration in Cisco.
07-26-2022 05:43 AM
Are the "three ISP WAN connections from Same ISP" in different subnets?
07-26-2022 05:52 AM
07-26-2022 06:04 AM
FTD (and ASA) firewalls do not have the same capabilities as SonicWall does with respect to WAN interfaces. An FTD firewall generally has only a single external default route. While you can use policy-based routing to set up services on a second or third WAN interface, it requires that you know the remote addresses to be included in advance. You cannot, for example, say "Use the /24 for everything except web servers A and B which use WAN 1 and WAN 2 interfaces."
However, since you have a /24 why not just use it for all traffic?
07-26-2022 06:22 AM
See, the problem is we don't have any reverse proxy for our web servers.
Each of the (2) web apps is hosted on its own static public IP with port 443 open.
The next web server app is ready to host, so we need to use another public IP.
So the LAN traffic is mostly passed through WAN1, but the web access is coming through WAN1 and WAN2, now expecting the next on WAN3.
So I am seeking advice on PBR configuration in FMC with appropriate NAT/PAT for the web apps.
What can I do? Please advise.
07-26-2022 07:15 AM - edited 07-27-2022 02:16 PM
You could try to use the ASA/FTD NAT-divert feature. It works similarly to PBR, and sometimes this messes with people, but in your case it could even work in your favor.
This should allow your traffic to go as you expect, but for regular egress traffic only your first interface will be serving egress Internet traffic.
NOTE:
One other option that comes to mind, but that I haven't tried yet, is to use VRF-lite context with leaking. If anyone has ever tried that, it would be interesting to know if that would work here.
07-27-2022 07:55 AM
Hello, do you think FMC will accept all these steps? My Firepower is registered under FMC.
Can I configure 3 WANs under PBR/SLA than NAT divert?