I have a requirement to bypass traffic inspection or whitelist ip addresses to allow pen testing to take place on our external IP address range. Previously achieved this using service policy on ASA's. With FTD's is the best option to use pre-filters ...