Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic

Rising star

Traceroute through FTD Sensor?

Does anyone have an FTD based firewall running, where traceroute through it works ?

In ASA, enabling inspection of icmp/icmp error, allowed traceroute to match icmp replies and allow them, without having to open icmp return packets on the outside interface.

This as far as i can tell, is not the case with FTD, I have no policies allowing any traffic from outside->inside, which is what i wan't. The FTD is not blocking the return packets for http/https or any other regular protocol, however it does seem to be blocking the return icmp packets, it seems like the old-style ASA icmp/icmp error inspection, is not working like it used to.

Anyone having problems with traceroute and FTD also ?


Who Me Too'd this topic