Skip to main content

 

 

Cisco Defense Orchestrator

Assign an FTD Interface to a Security Zone

Before you Begin

An interface has the following limitations when adding a security zone:

  • The interface must have a name.
  • The interface cannot be management-only. This option is enabled and disabled from the Advanced tab of the interface. 
  • You cannot assign a security zone to a bridge group interface.
  • You cannot assign a security zone to an interface configured for switchport mode. 
  • CDO does not currently support the management, monitoring, or use of Virtual Tunnel Interface (VTI) tunnels on ASA or FTD devices. Devices with configured VTI tunnels can be onboarded to CDO but it ignores VTI interfaces. If a security zone or static route references a VTI, CDO reads the security zone and static route without the VTI reference. CDO support for VTI tunnels is coming soon.

Assign a Firepower Interface to a Security Zone

Use the following procedure to associate a security zone to an existing interface:

  1. Log into CDO. 
  2. In the navigation pane, click Devices & Services
  3. Select the FTD you want to modify. In the Management Pane located to the right, click Interfaces
  4. Select the interface you want to add a security zone to and click  edit.pngEdit.
  5. Use the Security Zone drop-down menu and select the security zone you want associated with this interface. 

Note: If need to, ceate a new security zone from this drop-down menu by clicking Create New

  1. Click Save
  2. Deploy Configuration Changes from CDO to FTD

Related Articles:

  • Was this article helpful?