I have FTDs in HA. Do I need to set/change the platform settings for FTD-HA and apply the commands shown in the screenshots? Would appreciate your help!
Anyone still have this issue? I have an HA pair of Firepower 2110 running 188.8.131.52 in my lab and I flat-out cannot get traceroute to work through them, even after configuring the ICMP and FlexConfig settings recommended by Marvin. I have the same symptom that Alexandre described - all the traceroute hops fail except for the final one, which does come through.
Finally got an answer from TAC on a 2+ month old SR of them, and it works, no fancy settings required:
Add ICMP (either v4 or v6) Destination Unknown and Time Exceeded to the list of allowed ICMP traffic.
And that's it, plain and simple. Not what I was expecting but hey, the theory behind it makes sense if you think about it. If anyone feels brave enough to dig into all the small sub-options, feel free to do so and let us know so we can tighten our controls even further :)
OK, thanks for the guidance so far. Can someone expand or post a link on how to "use Flex config to add inspects"?
I tried adding the System Defined, Default_Inspection_Protocol_Enable, to a new Flexconfig policy; however, it seemed to do nothing.
Answered in your related post: