Traceroute through FTD running 6.3

Colin Higgins — Fri, 21 Feb 2020 16:55:55 GMT

I upgraded my FTD firewalls to 6.3 and the old configuration for getting traceroute to work is no longer valid.

Does anyone know how to get traceroute working on 6.3+ code?

Re: Traceroute through FTD running 6.3

Marvin Rhoads — Tue, 12 Mar 2019 04:02:14 GMT

It's working fine for me. Here's the output from a host in my lab using an FTDv as the gateway:

C:\Users\Administrator.DC>tracert www.cisco.com

Tracing route to e2867.dsca.akamaiedge.net [23.51.50.219]
over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  172.31.1.1
  2    15 ms     5 ms     4 ms  192.168.0.1
  3    33 ms    17 ms    16 ms  175.139.71.254
  4    19 ms    16 ms    11 ms  10.55.49.21
  5    27 ms    28 ms    26 ms  a23-51-50-219.deploy.static.akamaitechnologies.com [23.51.50.219]

Trace complete.

C:\Users\Administrator.DC>

Last login: Mon Mar 11 14:38:23 UTC 2019 from jumpserver.ccielab.mrneteng.com on pts/0

Copyright 2004-2018, Cisco and/or its affiliates. All rights reserved. 
Cisco is a registered trademark of Cisco Systems, Inc. 
All other trademarks are property of their respective owners.

Cisco Fire Linux OS v6.3.0 (build 21)
Cisco Firepower Threat Defense for VMWare v6.3.0.1 (build 85)

> 
> show ip address
System IP Addresses:
Interface                Name                   IP address      Subnet mask     Method 
GigabitEthernet0/0       Inside-Lab             172.31.1.1      255.255.255.0   CONFIG
GigabitEthernet0/1       Outside-Home           192.168.0.204   255.255.255.0   CONFIG
Management0/0            diagnostic             172.31.4.2      255.255.255.0   manual
Current IP Addresses:
Interface                Name                   IP address      Subnet mask     Method 
GigabitEthernet0/0       Inside-Lab             172.31.1.1      255.255.255.0   CONFIG
GigabitEthernet0/1       Outside-Home           192.168.0.204   255.255.255.0   CONFIG
Management0/0            diagnostic             172.31.4.2      255.255.255.0   manual
> show running-config service-policy
service-policy global_policy global
service-policy policy_map_Inside-Lab interface Inside-Lab
> show running-config policy-map
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map type inspect ip-options UM_STATIC_IP_OPTIONS_MAP
 parameters
  eool action allow
  nop action allow
  router-alert action allow
policy-map policy_map_Inside-Lab
 match flow-rule qos 268435460
  police output 1000000 31250
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 
  inspect icmp 
  inspect icmp error 
 class class-default
  set connection advanced-options UM_STATIC_TCP_MAP
  set connection decrement-ttl
!
> show running-config class-map
!
class-map inspection_default
 match default-inspection-traffic
!
>

topic Traceroute through FTD running 6.3 in Network Security

Traceroute through FTD running 6.3

Re: Traceroute through FTD running 6.3