FAQ-How Do I Configure the Firewall So That No Asterisk (*) Is Displayed When I Run the Tracert Command

Publication Date:  2015-06-30 Views:  136 Downloads:  0
Issue Description
How Do I Configure the Firewall So That No Asterisk (*) Is Displayed When I Run the Tracert Command?
Solution
Tracert to the firewall

Enable packet filtering of ICMP or UDP packets to the Local zone. If Tracert uses ICMP packets, you also need to run the ip unreachables enable command to enable the firewall to send ICMP unreachable packets.

Tracert forwarded by the firewall

1. Enable packet filtering of ICMP or UDP packets forwarded by the firewall.

2. Enable the firewall to send ICMP timeout packets (command: ip ttl-expires enable).

3. Disable Tracert packet attack defense (command: undo firewall defend tracert enable).

NOTE:
The destination UDP ports used by tracert are 33434 for the first hop, 33435 for the second hop, 33436 for the third hop, and the rest is deduced by analogy (the formula is 33434 + N - 1, in which N indicates the hops).

END