Firepower Threat Defense – Interfaces and Zones
- FTD is a true zone based firewall.
- Security zones are collections of interfaces or sub-interfaces.
- Policy rules can apply to source and/or destination zones.
- This is NOT an ASA – We do NOT use security levels.
- Management Interface
- Diagnostic Interface
- Physical Interface
- Our WAN/Outside will be our untrusted traffic.
- We will use DHCP to get an IP address leased from the internet service provider.
- Our LAN interface will be for our internal (inside) traffic.
- We will use a static IP address and this port will be a routed interface that is connected to a routed port on our Cisco switch.
- You can have different designs and use sub interfaces with dot1q trunking but I prefer to use as much layer 3 that I can.
- We are using OSPF for our routing protocol.
- We will advertise all of our inside networks and keep everything in the backbone.
- We are going to be a normal router, we don’t need stub or not-so-stubby – we are an internal router.
- We don’t need to worry about range or virtual links.