Solved: Re: Allow ICMP (ping & tracert) between interfaces on Firepower 11 - Cisco Community

7391

Views

0

Helpful

2

Replies

We recently implemented a firepower 1140 running 7.0.1-84. We would like to allow host on our inside network to ping & tracert a host on our DMZ, and vice versa. Our DMZ and inside network have dedicated interface on the firepower. when I create an ACL to allow this traffic, ICMP, echo, and TTL are not listed.

How can I make these available to allow icmp to specific host on these interfaces?

thank you.

1 Accepted Solution

Accepted Solutions

@PhilipTalavera7329 how are you managing these devices? If using FMC, you need to configure a service policy, from there you can decrement the TTL. https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/threat_defense_service_policies.html#id_71048

Here is a guide to configure ICMP/Traceroute through FTD.

View solution in original post

2 Replies 2

@PhilipTalavera7329 how are you managing these devices? If using FMC, you need to configure a service policy, from there you can decrement the TTL. https://www.cisco.com/c/en/us/td/docs/security/firepower/670/configuration/guide/fpmc-config-guide-v67/threat_defense_service_policies.html#id_71048

Here is a guide to configure ICMP/Traceroute through FTD.

thank you. issue resolved

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking for a $25 gift card