Does anyone have an FTD-based firewall running where traceroute through it works?
In ASA, enabling inspection of icmp/icmp error allowed traceroute to match icmp replies and allow them, without having to open icmp return packets on the outside interface.
This, as far as I can tell, is not the case with FTD. I have no policies allowing any traffic from outside->inside, which is what I want. The FTD is not blocking the return packets for http/https or any other regular protocol; however, it does seem to be blocking the return icmp packets. It seems like the old-style ASA icmp/icmp error inspection is not working like it used to.
Anyone having problems with traceroute and FTD also?