The problem of USG9300 tracert

Publication Date:  2012-10-18 Views:  258 Downloads:  0
Issue Description
 USG9300 startup vlanif interface
interface Vlanif503
description connect to XiDeShengWangGuan S5352 gi 0/0/39
ip address 188.1.22.122 255.255.255.252

the intranet network Under USG9310 tracert external, such as sina, found that some computer can tracert to USG9310 address, some tracert to USG9300 no display.
The diagram displays the tracert from the customer computer:

Alarm Information
none
Handling Process
If ask to do not tracert to firewall, need to open tracert attack defense.
1. In the user view to execute the command system - view, get in the system view.
2. Executive command firewall defend tracert enable, open tracert message attack defense function.
Root Cause
Cause: USG9310 is open trace by default, because there is Vlanif interface in configuration, so some computer can trace, USG9300 from VLAN_IF access to TRACERT cannot display.
Suggestions
The tracert of firewall under USG5500 version is closed by default, but USG9300 is open by default.

END