Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
561
Views
0
Helpful
1
Replies

Migration of Port-channel to Port-channel within FTD

Vishnu_RR
Level 1
Level 1

‎05-07-2022 08:13 AM

Hi,

I have to create a sub-interface and add it to the existing zone. how can I proceed with the below scenario?

FTD has 2 Port-channel.
1. Port-channel20(Interface Name - OUTSIDE): - IP address 10.10.10.10  is directly assigned to Port-channel 20 interface. This Port-channel20 is assigned to OUTSIDE Zone. This zone was added to the default route and ACLs.

 

Interface - Port-channel20

Name - OUTSIDE

ZONE - OUTSIDE

IP Address - 10.10.10.10

 

2. Port-channel 13 has subinterface1440.

Port-channel13.1440 assigned with IP address 192.168.10.10. This Port-channel13.13 is assigned to VPN Zone.

 

Interface - Port-channel13.1440

Name - VPN

ZONE - VPN

IP Address - 192.168.10.10

 

My Procedure:

1. Create another subinterface on Port-channel13 like Port-channel13.13.

2. Remove IP address 10.10.10.10 and OUTSIDE Zone from Port-channel20.

3. Assign IP address 10.10.10.10 to Port-channel13.13 & add to OUTSIDE Zone. (I hope that after doing these changes, it would automatically replicate to the default routes and ACLs.)

 

If I follow the above 3 steps, will I accomplish the migration of Port-channel20 to Port-channel13.13? I have doubt that around 400 ACLs have an OUTSIDE  Zone and the default route gets impacted.

 

Any suggestions?

Labels:
0 Helpful
1 Reply 1

Sheraz.Salim
VIP
VIP

‎05-09-2022 03:03 AM

Is this FTD is standalone or managed by FMC?

 

if it is Managed by FMC in that case

 

 

My Procedure:

1. Create another subinterface on Port-channel13 like Port-channel13.13.

-Correct

2. Remove IP address 10.10.10.10 and OUTSIDE Zone from Port-channel20.

-Correct

3. Assign IP address 10.10.10.10 to Port-channel13.13 & add to OUTSIDE Zone. (I hope that after doing these changes, it would automatically replicate to the default routes and ACLs.)

-Correct

 

If I follow the above 3 steps, will I accomplish the migration of Port-channel20 to Port-channel13.13? I have doubt that around 400 ACLs have an OUTSIDE Zone and the default route gets impacted.

 

If you have FTD managed by FMC in that case your ACL will intact and you can redeploy to your new zone from ACE.

 

Is these port channel are on same interfaces or on different interface on the firewall?

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents