No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

USG6600 doesn't show IP in tracert output

Publication Date:  2017-10-05 Views:  126 Downloads:  0
Issue Description

Customer cannot see it's firewall IP in a tracert output.

when customer do traceroute from client to some destination, he noted that the first hop (the USG Firewall)
is hidden. Example:

1             *                             *                            *                 -->  this hop is the firewall and tracert response is hidden to client
2             <1ms                     <1ms                     <1ms                     90.147.131.xxx
3             1                            1                            1                193.206.xxx.1

Solution

By CLI command, from the system view, execute:


icmp ttl-exceeded send - By default, an interface is disabled to send ICMP Time Exceeded message;
icmp host-unreachable send - this command enables transmitting the ICMP host-unreachable packets;
undo firewall defend tracert enable - if (firewall defend tracert enable) command is configured, a FW discards ICMP timeout packets, UDP timeout packets, or destination port unreachable packets. 

END