Solved: Which interface to enable in Passive mode for FTDv for monitoring?

CiscoBrownBelt · ‎02-06-2025

Does it really matter which port you enable on a sensor/FTDv (managed on FMC) for passive monitoring? So as long as say SPAN port is configured on the device/switch to send traffic to the the server port that the FTDv host resides on you should see traffic on the FMC correct?

Sheraz.Salim · ‎02-07-2025

Yes it matters which port you enable on a sensor/FTDv for passive monitoring. The port you configure for passive monitoring on the FTDv must match the port receiving the SPAN traffic from the switch.

As long as the SPAN port on the switch is correctly configured to send traffic to the server port where the FTDv is hosted, and the corresponding interface on the FTDv is set to passive mode, you should see the traffic. However, you must also create a passive security zone, add the interface to it.

please do not forget to rate.

View solution in original post

Sheraz.Salim · ‎02-07-2025

Yes it matters which port you enable on a sensor/FTDv for passive monitoring. The port you configure for passive monitoring on the FTDv must match the port receiving the SPAN traffic from the switch.

As long as the SPAN port on the switch is correctly configured to send traffic to the server port where the FTDv is hosted, and the corresponding interface on the FTDv is set to passive mode, you should see the traffic. However, you must also create a passive security zone, add the interface to it.

please do not forget to rate.

CiscoBrownBelt · ‎02-10-2025

Thanks! Say port 10 is configured for SPAN on the switch. Which FTDv port would I enable for Passive monitoring on the FTDv if there are only 7 available ports to choose from on the FTDv?