Trace function problem in Eudemon

Publication Date: 2014-04-23
Issue Description
In company A, we have the product Eudemon 8080E running version V200R001C01SPC900. The customer wanted to enable the traceroute function from the trust zone to the untrust zone and from the local zone to the untrust zone. We tried to use traceroute to locate the problem between the different router nodes, but we could not trace the IP from the local zone to the untrust zone, and we could not trace the untrust-zone IP from the trust zone either.
Alarm Information
None
Handling Process
After realizing that the traceroute function was disabled in the firewall, we changed the configuration with "undo firewall defend tracert enable" and then allowed only certain IPs to perform traceroute by configuring ACLs between the different interzones.
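As an added illustration (not configuration taken from the original case), the handling steps above expressed as a firewall configuration fragment. The command syntax follows Huawei VRP firewall conventions, but the ACL number 3100, the interzone/packet-filter form, the port and ICMP-type keywords and the management address 192.0.2.10 are assumptions for this example; only "undo firewall defend tracert enable" and the "rule ... permit ip" form come from the case text, so check each line against the command reference for the exact software version before applying it.

```text
# Added example configuration, not from the original case; syntax assumed.
#
# Step 1: stop the anti-tracert defence from silently dropping every probe.
#         This is the command the case used; it is global, so from here on the
#         only thing limiting traceroute is the interzone filter below.
undo firewall defend tracert enable

# Step 2: permit traceroute only from one management host (constructed address
#         192.0.2.10). UDP probes in the classic traceroute port range cover
#         Unix-style traceroute; ICMP echo covers Windows-style tracert.
acl number 3100
 rule 5 permit udp source 192.0.2.10 0 destination-port range 33434 33534
 rule 10 permit icmp source 192.0.2.10 0 icmp-type echo
 rule 100 deny ip

# Step 3: apply the filter outbound on the trust->untrust interzone; repeat
#         the same packet-filter on the local->untrust interzone.
firewall interzone trust untrust
 packet-filter 3100 outbound
```

The reason for the narrow ACL is that the anti-tracert defence is now off globally, so the restriction to a few management hosts lives entirely in the interzone filter; leaving it as the blanket "rule 100 permit ip" used during testing would let every host in the zone map the hop structure behind the firewall. Whether the ICMP time-exceeded replies from intermediate routers are matched back to the outgoing probe depends on the firewall's stateful inspection settings; if probes leave but no hops are reported, that return path is the next thing to check.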
Root Cause

There was a remote IP (X.X.X.X/32) in the untrust zone that was not reachable from our network. The customer wanted to know which router had the problem, so they asked us to enable the traceroute function between the trust and untrust zones, and also between the local and untrust zones.
We checked all the interzone ACL configuration and everything was fine. We even tried allowing all IP traffic with "rule 100 permit ip" in the trust-to-untrust and local-to-untrust interzone ACLs, but traceroute still did not work.
Later we realised that we had enabled the tracert defence function with "firewall defend tracert enable", which was blocking traceroute between the different zones.

Suggestions
It is good to know the function of each configuration item in the firewall; we should not configure anything in the firewall without knowing what it does. This case makes clear that each default functional parameter in the firewall has its own definition.

END