Traceroute is not working on VSX firewalls

CPRQ — Thu, 20 Aug 2020 19:16:53 GMT

ping is working

[Expert@fwg-pedc--a:2]# ping 10.116.25.9
PING 10.116.25.9 (10.116.25.9) 56(84) bytes of data.
64 bytes from 10.116.25.9: icmp_seq=1 ttl=128 time=0.819 ms
64 bytes from 10.116.25.9: icmp_seq=2 ttl=128 time=0.300 ms

--- 10.116.25.9 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.300/0.559/0.819/0.260 ms
[Expert@fwg--a:2]# traceroute 10.116.25.9
traceroute to 10.116.25.9 (10.116.25.9), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 *

For ping firewall log shows service icmp and passing

But for traceroute service shows gtp_path_mgmt (UDP/33501) and drop on default deny policy

How can we do traceroute?

Re: Traceroute is not working on VSX firewalls

Maarten_Sjouw — Thu, 20 Aug 2020 21:10:02 GMT

Add the traceroute service to the services column, this will allow both the ping version and the UDP 33xxx version.

Re: Traceroute is not working on VSX firewalls

Daniel_Schlifka — Thu, 20 Aug 2020 23:11:32 GMT

Linux traceroute uses udp by default, unlike windows which relies on icmp.

topic Re: Traceroute is not working on VSX firewalls in Firewall and Security Management

Traceroute is not working on VSX firewalls

Re: Traceroute is not working on VSX firewalls

Re: Traceroute is not working on VSX firewalls