Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Participant

Traceroute is not working on VSX firewalls

Jump to solution

ping is working

[Expert@fwg-pedc--a:2]# ping 10.116.25.9
PING 10.116.25.9 (10.116.25.9) 56(84) bytes of data.
64 bytes from 10.116.25.9: icmp_seq=1 ttl=128 time=0.819 ms
64 bytes from 10.116.25.9: icmp_seq=2 ttl=128 time=0.300 ms

--- 10.116.25.9 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.300/0.559/0.819/0.260 ms
[Expert@fwg--a:2]# traceroute 10.116.25.9
traceroute to 10.116.25.9 (10.116.25.9), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 *

For ping firewall log shows service icmp and passing

But for traceroute service shows gtp_path_mgmt (UDP/33501) and drop on default deny policy

How can we do traceroute?

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Champion
Champion

Add the traceroute service to the services column, this will allow both the ping version and the UDP 33xxx version.

Regards, Maarten

View solution in original post

2 Replies
Highlighted
Champion
Champion

Add the traceroute service to the services column, this will allow both the ping version and the UDP 33xxx version.

Regards, Maarten

View solution in original post

Highlighted
Contributor

Linux traceroute uses udp by default, unlike windows which relies on icmp.