Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
462
Views
2
Helpful
4
Replies

Using Firepower-2110 only to protect internal vlans

Go to solution
tony.isaac1
Level 1
Level 1

‎12-29-2023 06:09 AM - last edited on ‎12-29-2023 07:18 AM by Community Manager

I am looking for best practices regarding implementing a firepower-2110 only to protect my internal vlans.  I have 10 vlans that I want to protects from the other 20 vlans.  The firewpower will typically not have outside/Internet access.  Is it better to use subinterfaces, vni interfaces or something else?

Thank you,

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Ruben Cocheno
Spotlight
Spotlight

‎12-29-2023 06:22 AM

@tony.isaac1 

I prefer to use subinterfaces and sometimes VRF's on the LAN where is needed, now if you need to follow compliance (e.g PCI, etc)  you might need to evaluate the need for physical segregation instead. Performance over Security is something that need to be weighted

There are a couple of Design considerations that you need to take into account, but only you can decide

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

View solution in original post

Go to solution
MHM Cisco World
VIP
VIP

‎12-29-2023 06:24 AM

config two zone, and traffic not pass between zone in FTD.
this make each VLAN groups can not connect to each other. 
it not matter if you config subinterface or VLAN

MHM

View solution in original post

4 Replies 4

Go to solution
Ruben Cocheno
Spotlight
Spotlight

‎12-29-2023 06:22 AM

@tony.isaac1 

I prefer to use subinterfaces and sometimes VRF's on the LAN where is needed, now if you need to follow compliance (e.g PCI, etc)  you might need to evaluate the need for physical segregation instead. Performance over Security is something that need to be weighted

There are a couple of Design considerations that you need to take into account, but only you can decide

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

Go to solution
tony.isaac1
Level 1
Level 1
In response to Ruben Cocheno

‎12-31-2023 02:56 AM

Thank you Ruben.

This information as helped me determine how I am going to configure my ASA network.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎12-29-2023 06:24 AM

config two zone, and traffic not pass between zone in FTD.
this make each VLAN groups can not connect to each other. 
it not matter if you config subinterface or VLAN

MHM

Go to solution
tony.isaac1
Level 1
Level 1
In response to MHM Cisco World

‎12-31-2023 02:56 AM

Thank you MHM,

Thank you Ruben.

This information has helped me determine how I am going to configure my ASA network.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card