05-07-2022 08:13 AM
Hi,
I have to create a sub-interface and add it to an existing zone. How can I proceed with the scenario below?
The FTD has 2 Port-channels.
1. Port-channel20 (Interface Name - OUTSIDE): IP address 10.10.10.10 is directly assigned to the Port-channel20 interface. This Port-channel20 is assigned to the OUTSIDE Zone. This zone was added to the default route and ACLs.
Interface - Port-channel20
Name - OUTSIDE
ZONE - OUTSIDE
IP Address - 10.10.10.10
2. Port-channel13 has subinterface 1440.
Port-channel13.1440 is assigned IP address 192.168.10.10. This Port-channel13.13 is assigned to the VPN Zone.
Interface - Port-channel13.1440
Name - VPN
ZONE - VPN
IP Address - 192.168.10.10
My Procedure:
1. Create another subinterface on Port-channel13 like Port-channel13.13.
2. Remove IP address 10.10.10.10 and OUTSIDE Zone from Port-channel20.
3. Assign IP address 10.10.10.10 to Port-channel13.13 and add it to the OUTSIDE Zone. (I hope that after making these changes, they would automatically replicate to the default routes and ACLs.)
If I follow the above 3 steps, will I accomplish the migration of Port-channel20 to Port-channel13.13? I am concerned that around 400 ACLs have the OUTSIDE Zone and that the default route would be impacted.
Any suggestions?
05-09-2022 03:03 AM
Is this FTD standalone or managed by FMC?
If it is managed by FMC, in that case:
My Procedure:
1. Create another subinterface on Port-channel13 like Port-channel13.13.
-Correct
2. Remove IP address 10.10.10.10 and OUTSIDE Zone from Port-channel20.
-Correct
3. Assign IP address 10.10.10.10 to Port-channel13.13 and add it to the OUTSIDE Zone. (I hope that after making these changes, they would automatically replicate to the default routes and ACLs.)
-Correct
If I follow the above 3 steps, will I accomplish the migration of Port-channel20 to Port-channel13.13? I am concerned that around 400 ACLs have the OUTSIDE Zone and that the default route would be impacted.
If you have the FTD managed by FMC, in that case your ACLs will stay intact and you can redeploy to your new zone from the ACE.
Are these port-channels on the same interfaces or on different interfaces on the firewall?
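Added example, not code from either post: a small Python model of the migration plan with constructed interface, rule and route data. It checks the point the reply makes, that access rules bind to the security zone and (in this model) the default route to the logical interface name, so moving name, zone and IP from Port-channel20 to Port-channel13.13 leaves every reference resolvable. The staging order (clear the source before populating the target) and the guard against a target that is already configured are assumptions about how a practitioner would sequence the change, not behaviour the thread documents.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Interface:
    hw_id: str                   # hardware id, e.g. "Port-channel20"
    name: Optional[str] = None   # logical interface name, e.g. "OUTSIDE"
    zone: Optional[str] = None   # security zone membership
    ip: Optional[str] = None


def migrate(ifaces: Dict[str, Interface], src: str, dst: str) -> None:
    """Steps 1-3 from the thread: create dst if needed, strip src, then populate dst."""
    iface = ifaces.setdefault(dst, Interface(hw_id=dst))   # step 1: new subinterface
    s = ifaces[src]
    if iface.ip or iface.zone or iface.name:
        raise ValueError(f"{dst} is already configured")
    name, zone, ip = s.name, s.zone, s.ip
    s.name = s.zone = s.ip = None                          # step 2 (assumption: clear src
    iface.name, iface.zone, iface.ip = name, zone, ip      # first so the IP is never duplicated)


def unresolved(ifaces: Dict[str, Interface], rules: List[dict],
               routes: List[dict]) -> List[str]:
    """Rules reference zones, routes reference logical names; list what no interface satisfies."""
    zones = {i.zone for i in ifaces.values() if i.zone}
    names = {i.name for i in ifaces.values() if i.name}
    bad = [f"rule {r['id']}: zone {z}" for r in rules
           for z in (r["src_zone"], r["dst_zone"]) if z not in zones]
    bad += [f"route {rt['prefix']}: interface {rt['interface']}"
            for rt in routes if rt["interface"] not in names]
    return bad


def run_plan() -> dict:
    """Constructed inventory mirroring the thread; returns the checks before and after."""
    ifaces = {
        "Port-channel20": Interface("Port-channel20", "OUTSIDE", "OUTSIDE", "10.10.10.10"),
        "Port-channel13.1440": Interface("Port-channel13.1440", "VPN", "VPN", "192.168.10.10"),
    }
    rules = [{"id": n, "src_zone": "VPN", "dst_zone": "OUTSIDE"} for n in range(400)]
    routes = [{"prefix": "0.0.0.0/0", "interface": "OUTSIDE"}]
    before = unresolved(ifaces, rules, routes)
    migrate(ifaces, "Port-channel20", "Port-channel13.13")
    after = unresolved(ifaces, rules, routes)
    return {"before": before, "after": after,
            "po20": ifaces["Port-channel20"], "po13_13": ifaces["Port-channel13.13"]}
```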