Well, I think everybody would agree that changing the legacy protocol in use would be "the best thing to do", but it's not up to me to decide the protocols used and services offered by other companies (I'm a Senior Consultant at a large Cisco partner company)... I can advise them, but when push comes to shove, it's up to the specific customer to choose.
This specific customer is migrating from older, over-the-counter CPE hardware that handled the passive FTP inspection... so I was just curious as to why this protocol inspection was dropped on a next-gen firewall... To my knowledge, passive FTP is still used on a very large scale... legacy protocol or not!
Regards Ole