09-18-2018 05:45 AM - edited 02-21-2020 08:15 AM
Hi all
I have an FTD 2130 running version 6.2.3.2. I'm facing an issue where a server trace to e.g. 8.8.8.8 always shows *
I have read many articles, and I have tried:
1. set policy from outside to inside allow icmp all
2. add flexconfig with
policy-map global_policy
class class-default
set connection decrement-ttl
Still not working. Can someone help me fix it? Thanks a lot.
=============update======================
I fixed this issue, thanks.
09-18-2018 08:08 AM - edited 09-18-2018 08:47 AM
Here are the key commands I have on my FTD for traceroute functionality. Check your config against this and let me know if you see any discrepancies.
> show running-config policy-map global_policy
!
policy-map global_policy
 class inspection_default
  <snipped irrelevant bits>
  inspect icmp
  inspect icmp error
 class class-default
  <snipped irrelevant bits>
  set connection decrement-ttl
> show running-config | include icmp permit
icmp permit any time-exceeded <nameif of your outside interface>
icmp permit any unreachable <nameif of your outside interface>
>
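Added example, not part of the original reply or of any Cisco tooling: a small Python check that compares pasted `show running-config` output against the settings listed in the reply above and reports which ones are absent. The sample output is constructed, and the nameif `outside` is an assumed placeholder.

```python
import re

# Settings listed in the reply above: policy-map class -> commands it should hold.
REQUIRED_POLICY = {
    "inspection_default": {"inspect icmp", "inspect icmp error"},
    "class-default": {"set connection decrement-ttl"},
}
REQUIRED_ICMP_TYPES = {"time-exceeded", "unreachable"}

# Constructed sample output; "outside" is an assumed nameif, not one from the thread.
SAMPLE_BAD = """\
> show running-config policy-map global_policy
!
policy-map global_policy
 class inspection_default
  inspect icmp
 class class-default
  set connection advanced-options UM_STATIC_TCP_MAP
!
> show running-config | include icmp permit
icmp permit any time-exceeded outside
"""

def parse_policy_map(text, name="global_policy"):
    """Return {class_name: set(commands)} for the named policy-map."""
    classes, current, in_map = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("policy-map "):
            in_map, current = line.split()[1] == name, None
        elif line == "!" or line.startswith(">"):
            in_map = False  # section separator or next CLI prompt ends the map
        elif in_map and line.startswith("class "):
            current = line.split()[1]
            classes.setdefault(current, set())
        elif in_map and current and line:
            classes[current].add(" ".join(line.split()))  # normalise spacing
    return classes

def audit(text, outside_nameif):
    """List the traceroute-related lines missing from pasted CLI output."""
    classes, missing = parse_policy_map(text), []
    for cls, cmds in REQUIRED_POLICY.items():
        for cmd in sorted(cmds - classes.get(cls, set())):
            missing.append(f"class {cls}: {cmd}")
    permitted = set(re.findall(
        rf"^\s*icmp permit any (\S+) {re.escape(outside_nameif)}\s*$", text, re.M))
    for icmp_type in sorted(REQUIRED_ICMP_TYPES - permitted):
        missing.append(f"icmp permit any {icmp_type} {outside_nameif}")
    return missing

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_BAD, "outside")) or "nothing missing")
```

An empty result only means the listed lines are present; as this thread shows, traceroute can still fail for other reasons.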
09-18-2018 04:17 PM - edited 09-18-2018 06:27 PM
Hi sir,
Thank you for the reply.
Here is my config:
> show running-config policy-map global_policy
!
policy-map global_policy
class inspection_default
.......
inspect icmp error
inspect icmp
class class-default
set connection advanced-options UM_STATIC_TCP_MAP
set connection decrement-ttl
!
> show running-config | include icmp permit
icmp permit any unreachable Internet_att
icmp permit any time-exceeded Internet_att
The configs are the same, but it is still not working. What's wrong? >< Please help me.
Thanks.
09-18-2018 07:22 PM
Can you confirm that the FTD inside address is your default gateway?
If there was another firewall in the path first that could cause the issue.
09-18-2018 07:39 PM - edited 09-18-2018 07:40 PM
Hi sir,
Thanks. In our scenario there is only one FTD, so the servers' gateway is the FTD.
Scenario:
server1-----|
server2-------- SW ----FTD
server3-----| |-------------isp
Is there anything else I need to check? Thanks
09-18-2018 09:29 PM
Are connections other than traceroute working?
Something such as web browsing (tcp/80 or 443)?
09-18-2018 09:46 PM - edited 09-27-2018 03:47 AM
Are you serious?
Just traceroute is not working, others are working.
Any better idea? Thanks
=======update=======
I fixed it, thanks all
09-18-2018 10:08 PM - edited 09-18-2018 10:11 PM
Please provide the traceroute results for our reference.