Cisco FTD 6.2.2 PreFilter issue…
This is what a TAC engineer had to say after I found PF not working:
“In 6.2.2, we have figured out off-loading feature is not functional. We have around 5 known issue with offloading that I causing the pre-filter to fail. Create trust rules in access control policy for these rules with security intelligence enabled, that should be resolving the issue.”
So if you rely on prefilters for certain things, either stay at 6.2.02 or use your ACP trust rules for now….