Solved: Traceroute is not working on VSX firewalls

CPRQ · ‎2020-08-20

ping is working

[Expert@fwg-pedc--a:2]# ping 10.116.25.9
PING 10.116.25.9 (10.116.25.9) 56(84) bytes of data.
64 bytes from 10.116.25.9: icmp_seq=1 ttl=128 time=0.819 ms
64 bytes from 10.116.25.9: icmp_seq=2 ttl=128 time=0.300 ms

--- 10.116.25.9 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.300/0.559/0.819/0.260 ms
[Expert@fwg--a:2]# traceroute 10.116.25.9
traceroute to 10.116.25.9 (10.116.25.9), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 *

For ping firewall log shows service icmp and passing

But for traceroute service shows gtp_path_mgmt (UDP/33501) and drop on default deny policy

How can we do traceroute?

Maarten_Sjouw · ‎2020-08-20

Add the traceroute service to the services column, this will allow both the ping version and the UDP 33xxx version.

Regards, Maarten

View solution in original post

Maarten_Sjouw · ‎2020-08-20

Add the traceroute service to the services column, this will allow both the ping version and the UDP 33xxx version.

Regards, Maarten

Daniel_Schlifka · ‎2020-08-20

Linux traceroute uses udp by default, unlike windows which relies on icmp.

Traceroute is not working on VSX firewalls

Quantum spark ipsec tunnel using vti interface

PBR w/ 2 ISPs, no ISP Redundancy

Firewall upgrade issues

Bridge mode and tagged traffic

Lost Zabbix packets

Are you a member of CheckMates?