Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
128
Views
0
Helpful
1
Replies

VRF Design and Firewall FPR

FayasSalam95
Level 1
Level 1

‎06-14-2024 01:33 PM

FayasSalam95_0-1718396744793.png

As you can see from my diagram, My trusted Zone and VLANs are having SVIs in the Distribution switch.

 

Also my Core firewall have the SVI of all the VLANs from the DMZ and Untrust Zone .

 

All these ZOnes should be seperated using VRFs.And these VRFs should be able to communicate using the Firewall .That means routing decisions for one VRF to another VRF should be taken by Firewall.

How should i configure my Core,Distribution and Firepower Firewall.

Also note that all traffic from Distribution switch should go through the Core switch itself.

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎06-14-2024 11:12 PM

As you mentioned you can setup a VRF on the VLAN

you can use Transit VLAN for VRF to reach Firewall, then Firewall make decision on VRF to VRF Traffic or Zone to Zone allow or deny based on the ACP you defined.

Not sure what code running on VSS (check the VRF Support- if not you need to use VLAN here to in association with VRF.

If you using cat 9K switch you need network advantage license to create  VRF.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card