View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0237 - FTD 6.1 Firewall Mode and Interface Type (Part 2)

SEC0237 - FTD 6.1 Firewall Mode and Interface Type (Part 2)

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
The video walks you through different operational mode on Cisco FTD 6.1 as physical and virtual (NGFWv) devices covering, routed, passive, inline, transparent and ERSPAN modes. We will focus on interface configuration of each type, zone configuration, and how to get traffic to pass through or to the device. 
 
Part 2 of this video covers FTD in passive and inline modes
 
Topic:
  • FTD Routed Mode
    • Routed Zone
    • Routed Interface
    • Redundant Interface
    • Static Route
  • FTD Passive Mode
    • Passive Zone
    • Passive Interface
    • SPAN Session
  • FTD Inline Mode
    • Inline Zone
    • Inline Set
  • FTD Transparent Mode
    • Etherchannel
    • Sub-Interface
    • Bridge Group Interface
  • FTD with ERSPAN
Tag: 
asa
firepower
sourcefire
ngfw
ftd
routed
transparent
ips
erspan
inline

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

4 comments

Submitted by jjoshi on Mon, 03/12/2018 - 12:02

Hi Metha,

Thanks for your very helpful videos. Its really helpful to learn about cisco stuff. However, i got a question here. What if FTD-HA pair is set up in Transparent mode and interface is in Inline mode and security zone is Inside and outside. In this case, do we still need to assign IPV4 in BVI interface?
Any help is much appreciated!

Submitted by admin on Wed, 03/14/2018 - 18:22

Absolutely. The BVI is required regardless of HA. It is used for firewall-generated traffic.

Submitted by jjoshi on Thu, 03/15/2018 - 05:30

Thanks for the quick response! But then, when i go for BVI and to assign IP address, it does not showing me the interfaces in the BVI list for which i have assign the IP. Lets say, Inside and Outside and in Transparent we give Ip address to the one which acts as one communication line for both. But in order to give the IP we need to select the interfaces in the BVI list, but its not showing up as its in Trust <-> Untrust zone.

Submitted by admin on Mon, 03/19/2018 - 22:27

Can you make sure your FW is in fact in transparent mode? Do you see any interfaces listed as available and able to move them to Selected Interface?