Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
0
Helpful
8
Replies

Url and application filtering on FTD

Vishal6
Level 2
Level 2

‎06-23-2025 05:14 AM

Hello,

Wants to deployed MX105 at core level and FTD at perimeter level in our network. However i have procure utm licenses for MX appliances, not for FTD.

1. Can i achieve the url filtering at FTD after it gets filter from MX.

2. Wants to achieve load balancing using Meraki MX (using as a core FW) where FTD will be perimeter.

Attached diagram for reference.

Vishal6_0-1750680431797.png

 

 

 

0 Helpful
8 Replies 8

MHM Cisco World
VIP
VIP

‎06-23-2025 05:31 AM

It ok to use ftd url filter after other fw (except it will little slow your traffic if first fw also use url filter)

For other Q can you more elaborate 

Thanks 

MHM

0 Helpful

Vishal6
Level 2
Level 2
In response to MHM Cisco World

‎06-24-2025 11:03 PM

What if FTD don't have any threat, malware and url filtering license? Still it will process the traffic coming via Mx 

0 Helpful

Aref Alsouqi
VIP
VIP
In response to Vishal6

‎06-25-2025 06:28 AM

Can't see why not. Traffic routing will still work as normal, and the FTD will process that traffic just fine. The only thing is that the FTD in that case won't be doing any security inspection apart from the normal access lists checks.

0 Helpful

Vishal6
Level 2
Level 2

‎06-23-2025 05:33 AM

One more query, 

As we are not directly connecting Mx to Internet, how warm spare works here ?.

Would MX capture both isp ip address via FTD

Will using single private uplink  ip address (Link between FTD and MX) able to form warmspare ?

0 Helpful

Aref Alsouqi
VIP
VIP

‎06-23-2025 09:21 AM

Yes it should work, because from the MXs perspective they just need to be connected to Meraki dashboard, it doesn't really matter if they are connected directly to the internet or via another device as in your case. When the primary MX doesn't reach the Meraki dashboard anymore it will be assumed that is down and the secondary MX will become the primary. In your shared diagram there are no links between the switches, I'm assuming the switches will be connected to each other and both firewalls will be connected to each switch. That will provide you full resiliency. Regarding using URL filtering on the MX, as already mentioned, that shouldn't be an issue, you can turn on whichever security features on the MX and do part of the security inspections on them and leave the rest for the FTDs based on the licenses installed.

0 Helpful

Vishal6
Level 2
Level 2
In response to Aref Alsouqi

‎06-24-2025 11:05 PM

What about sdwan features on MX ?. Will it do load balancing as public IP link directly terminated on FTD and it (FTD) mostly use usp link for redundancy 

0 Helpful

Aref Alsouqi
VIP
VIP
In response to Vishal6

‎06-25-2025 06:26 AM

I don't think that will work because even if connect each MX to both firewalls, one of the firewalls will be passive, so the MX will have no chance to load balance the traffic accross the two firewalls.

0 Helpful

Vishal6
Level 2
Level 2
In response to Aref Alsouqi

‎06-25-2025 10:23 AM

Here 2 isp link will be terminated to both FTD, but primary FTD will use one isp at a time still it goes down. Can mx provide sdwan features here ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card