Does FTD fastpath eliminate stateful inspection?

When you configure traffic in the pre-filter on an FTD, does it eliminate stateful inspection in addition to deep inspection? I have opened TAC cases on this before and received two different answers, and was wondering if anyone can shed some light on this.

Thank you

Hello VJNetwork

Firepower Threat Defense (FTD) fastpath is a feature that allows you to enable a “first phase” of access control, also called “prefiltering”, before the system performs more resource-intensive evaluations such as deep inspections. As Cisco documentation states:

Prefiltering is simple, fast, and early. Prefiltering uses limited outer-header criteria to quickly handle traffic. Compare this to subsequent evaluation, which uses inner headers and has more robust inspection capabilities.

As further stated:

Prefilter and access control policies both allow you to block and trust traffic, though the prefiltering “trust” functionality is called “fastpathing” because it skips more inspection. The following table explains this and other differences between prefiltering and access control, to help you decide whether to configure custom prefiltering.

As such, this means that any “fastpathed” traffic does not subsequently go through more inspection. However, any traffic that is not matched by prefiltering configurations will go through the “normal” filtering and inspection process.

The above information and the related quotes have been obtained from:

I hope this has been helpful!

Laz

The piece that it does not go into is: if you fastpath traffic, does stateful inspection still get applied?

Hello Vjnetwork

The document says that when it goes through “fastpathing” it skips more inspection. That’s the fundamental purpose of fastpath, to skip the more resource-intensive and generally slower stateful inspection. But not all traffic is fastpathed.

Any traffic that is not fastpathed will go through the more conventional and resource-intensive processes such as stateful inspection.

I hope this has been helpful!

Laz

Understood and thanks for the clarification.
