This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
CPRQ
Collaborator
‎2020-08-20 12:16 PM

Traceroute is not working on VSX firewalls

Jump to solution

ping is working

[Expert@fwg-pedc--a:2]# ping 10.116.25.9
PING 10.116.25.9 (10.116.25.9) 56(84) bytes of data.
64 bytes from 10.116.25.9: icmp_seq=1 ttl=128 time=0.819 ms
64 bytes from 10.116.25.9: icmp_seq=2 ttl=128 time=0.300 ms

--- 10.116.25.9 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.300/0.559/0.819/0.260 ms
[Expert@fwg--a:2]# traceroute 10.116.25.9
traceroute to 10.116.25.9 (10.116.25.9), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 *

For ping firewall log shows service icmp and passing

But for traceroute service shows gtp_path_mgmt (UDP/33501) and drop on default deny policy

How can we do traceroute?

0 Kudos
1 Solution

Accepted Solutions
Maarten_Sjouw
Champion
Champion
‎2020-08-20 02:10 PM

Jump to solution

Add the traceroute service to the services column, this will allow both the ping version and the UDP 33xxx version.

Regards, Maarten

View solution in original post

2 Replies
Maarten_Sjouw
Champion
Champion
‎2020-08-20 02:10 PM

Jump to solution

Add the traceroute service to the services column, this will allow both the ping version and the UDP 33xxx version.

Regards, Maarten
Daniel_Schlifka
Contributor
‎2020-08-20 04:11 PM
In response to Maarten_Sjouw

Jump to solution

Linux traceroute uses udp by default, unlike windows which relies on icmp.