Nickel

Allow Check Point to accept and respond to traceroute

I know that by default Check Point will not accept a traceroute, whether it is the RFC standard or the Microsoft bastardized version.

For routing and latency troubleshooting purposes, what is the best way to allow a Check Point appliance to accept and send the response to a traceroute, whether it is the UDP or Microsoft version? I see the traceroute object is for the UNIX UDP standard. I have a utility that installs in MS Windows that will do a UDP traceroute, but it doesn't follow the RFC UDP ports. Any suggestions?

0 Kudos
3 Replies
Admin

Windows traceroute is ICMP-based with a short TTL.
That means allowing ICMP Echo Request in the policy.
0 Kudos
Nickel

Do I allow the ICMP echo requests to the actual IP on the firewall itself, even if that is not the destination of the trace? Same thing for the UDP traceroute.

0 Kudos
Admin

Just the destination of the actual traceroute in either case.
0 Kudos