Solved: Re: Ping FTD outside interface from inside

ajtm · ‎07-03-2019

Even when all traffic is allowed I've noticed that I can't ping FTD interfaces except the "nearest" interface (traffic doesn't cross FTD).

Is it possible to allow this traffic?

Francesco Molino · ‎07-03-2019

Hi

You can only ping the interface from where the traffic comes in only.
See documentation : https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/platform_settings_for_firepower_threat_defense.html#task_42BBA666CD604517ADA18B32CA162F62
"The Firepower Threat Defense device only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface."

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Francesco Molino · ‎07-03-2019

Hi

You can only ping the interface from where the traffic comes in only.
See documentation : https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/platform_settings_for_firepower_threat_defense.html#task_42BBA666CD604517ADA18B32CA162F62
"The Firepower Threat Defense device only responds to ICMP traffic sent to the interface that traffic comes in on; you cannot send ICMP traffic through an interface to a far interface."

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question