FAQ: How to show the concealed routes when running tracert through a USG5500

Publication Date: 2015-10-30
Issue Description

When running tracert with packets that travel through the firewall, the firewall's hop is not shown in detail; it appears as asterisks ("stars") instead.

In the test topology, when we run tracert from Client 1 to Client 2, the output looks like this:



traceroute to, 8 hops max

(ICMP), press Ctrl+C to stop

1   16 ms  62 ms  47 ms

2    *  *  *                   (this hop is the firewall)

3   156 ms  78 ms  94 ms

4   109 ms  47 ms  62 ms


After adding the following commands, the detailed hops are visible:

[SRG]ip ttl-expires enable

[SRG]ip unreachables enable

[SRG]undo firewall defend tracert enable


The test result is shown here:


traceroute to, 8 hops max

(ICMP), press Ctrl+C to stop

1   62 ms  31 ms  32 ms

2   62 ms  47 ms  47 ms

3   78 ms  78 ms  63 ms

4   31 ms  47 ms  62 ms

By default, an interface does not reply with an ICMP Time Exceeded message when it receives a packet with a TTL of 1. Both commands are needed to enable the sending of ICMP destination unreachable packets and ICMP timeout packets.
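To confirm the change took effect, the before and after traces can be compared mechanically. The following is an added example, not part of the original article: it parses traceroute output in the format shown above and separates hops that never answered from hops that only lost some probes. The function names are hypothetical, and the `LOSSY` line is constructed for illustration.

```python
import re

# Output copied from the article (it shows no addresses, so none appear here).
BEFORE = """\
traceroute to, 8 hops max
(ICMP), press Ctrl+C to stop
1   16 ms  62 ms  47 ms
2    *  *  *
3   156 ms  78 ms  94 ms
4   109 ms  47 ms  62 ms
"""
AFTER = """\
traceroute to, 8 hops max
(ICMP), press Ctrl+C to stop
1   62 ms  31 ms  32 ms
2   62 ms  47 ms  47 ms
3   78 ms  78 ms  63 ms
4   31 ms  47 ms  62 ms
"""
# Constructed line (not from the article): one probe lost, hop still answers.
LOSSY = "1   16 ms  *  47 ms\n"

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.+)$")
PROBE = re.compile(r"\*|\b(\d+)\s*ms\b")

def parse_hops(text):
    """Map hop number -> list of probe results (RTT in ms, or None for '*')."""
    hops = {}
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue  # header or blank line
        probes = [int(p.group(1)) if p.group(1) else None
                  for p in PROBE.finditer(m.group(2))]
        if probes:
            hops[int(m.group(1))] = probes
    return hops

def concealed_hops(text):
    """Hops where every probe timed out, i.e. no ICMP reply came back at all."""
    return [n for n, probes in sorted(parse_hops(text).items())
            if all(p is None for p in probes)]

def lossy_hops(text):
    """Hops that answered some probes but not all (packet loss, not concealment)."""
    return [n for n, probes in sorted(parse_hops(text).items())
            if any(p is None for p in probes) and any(p is not None for p in probes)]

if __name__ == "__main__":
    print("before:", concealed_hops(BEFORE))
    print("after: ", concealed_hops(AFTER))
```

A hop that stays in `concealed_hops` while later hops still report round-trip times is forwarding traffic but not sending ICMP replies, which is the symptom the article describes for the firewall.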