Traceroute not showing hop

Author
ahmadhusain
2018/05/24 00:29:31 (permalink)
0

Traceroute not showing hop

Dear,
I'm facing a traceroute issue on the FortiGate.
When I try to traceroute from the Cisco router to the FortiGate, it's not showing the route from the router to the firewall.
The FG firewall is configured behind the router.
Everything is working fine; I can ping from the router, but when I traceroute it shows *****.
When I try from the computer, it shows me the hop count.
I also tried to check from the switch and I'm getting the same result as on the router: not showing the route.
Please help.
Thanks
#1


    Nicholas Doropoulos
    Re: Traceroute not showing hop 2018/05/27 12:17:40 (permalink)
    0
    Is it the WAN interface of the firewall you cannot traceroute to? If yes, ensure that the "ping" box is enabled on the WAN interface on the GUI under Network>Interfaces. Alternatively, execute the following command on the CLI:
     
    show system interface [relevant port]
     
    If ping is not listed there, do the following:
     
    config system interface
    edit [relevant port]
    set allowaccess ping [along with any other protocols already listed]
    end
     
    I hope the above helps.
    #2
    ahmadhusain
    Re: Traceroute not showing hop 2018/05/28 03:48:35 (permalink)
    0
    Ping and other services are allowed on the firewall.
    I can ping the firewall; the only problem is with the traceroute.
    #3
    Nicholas Doropoulos
    Re: Traceroute not showing hop 2018/05/28 04:31:08 (permalink)
    0
    Do you traceroute by hostname or IP address?
    #4
    ahmadhusain
    Re: Traceroute not showing hop 2018/05/28 04:37:29 (permalink)
    0
    by IP 
    #5
    Nicholas Doropoulos
    Re: Traceroute not showing hop 2018/05/28 04:46:00 (permalink)
    0
    Try tracerouting to the FGT from a different interface on your Cisco router and advise results.
    #6
    ahmadhusain
    Re: Traceroute not showing hop 2018/05/28 05:06:37 (permalink)
    0
    Thanks for the reply.
    I have only one interface on my router.
    I have tried from the switch and I'm getting the same result:
    *****
     
    But from a device running Windows OS, I can trace the FG.
     
    #7
    Nicholas Doropoulos
    Re: Traceroute not showing hop 2018/05/28 05:38:34 (permalink)
    0
    Please provide the following information to investigate the issue further:
     
    1) A diagram of your topology.
     
    2) On the FortiGate's CLI, run the following command:
     
    diagnose sniffer packet [interface you are trying to traceroute to] "(host <router's ip address> and host <fortigate's ip address>) and icmp" 4
     
    At the same time, run traceroute on the Cisco router for at least 6 hops and advise results.
     
    3) What firewall policies do you have in place that match inbound traffic? Is logging enabled on them and if so, what do the logs show?
    #8
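
Added example (not part of the original thread): one way to read the capture requested in step 2, separating what the source sent from what the firewall answered. Cisco IOS traceroute sends UDP probes by default while Windows tracert sends ICMP echo requests, so a filter ending in "and icmp" never shows the router's probes themselves; the sample below assumes a capture taken without that restriction. The line format, interface name and all addresses are constructed for illustration.

```python
import re

# Constructed sample in the style of "diagnose sniffer packet ... 4" output
# (timestamp, interface, direction, src -> dst: summary). The exact line
# format and every address here are assumptions made for this example.
SAMPLE = """\
1.100000 wan1 in 192.0.2.1.49170 -> 192.0.2.2.33434: udp 0
1.100200 wan1 out 192.0.2.2 -> 192.0.2.1: icmp: 192.0.2.2 udp port 33434 unreachable
5.000000 wan1 in 192.0.2.1.49171 -> 192.0.2.2.33435: udp 0
8.000000 wan1 in 192.0.2.1.49172 -> 192.0.2.2.33436: udp 0
9.500000 wan1 in 192.0.2.9 -> 192.0.2.2: icmp: echo request
9.500100 wan1 out 192.0.2.2 -> 192.0.2.9: icmp: echo reply
"""

LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) (?P<ifc>\S+) (?P<dir>in|out) "
    r"(?P<src>\S+) -> (?P<dst>\S+): (?P<info>.*)$"
)

def ip_of(endpoint):
    """Drop a trailing .port from 'a.b.c.d.port'; leave 'a.b.c.d' unchanged."""
    return ".".join(endpoint.split(".")[:4])

def summarize(capture, source_ip, firewall_ip):
    """Count probes from source_ip to the firewall and the ICMP replies sent back."""
    stats = {"udp_probes": 0, "icmp_probes": 0, "replies": 0}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip banner lines such as interfaces=[...] / filters=[...]
        src, dst, info = ip_of(m["src"]), ip_of(m["dst"]), m["info"]
        if m["dir"] == "in" and src == source_ip and dst == firewall_ip:
            if info.startswith("udp"):
                stats["udp_probes"] += 1      # UDP-based traceroute probe
            elif "echo request" in info:
                stats["icmp_probes"] += 1     # ICMP-based probe (ping / tracert)
        elif m["dir"] == "out" and src == firewall_ip and dst == source_ip:
            if info.startswith("icmp:"):
                stats["replies"] += 1         # unreachable, time exceeded, echo reply
    return stats

if __name__ == "__main__":
    print("router :", summarize(SAMPLE, "192.0.2.1", "192.0.2.2"))
    print("windows:", summarize(SAMPLE, "192.0.2.9", "192.0.2.2"))
```

More probes than replies for one source, as in the constructed router rows, means the firewall is receiving the probes but not answering all of them.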
    ahmadhusain
    Re: Traceroute not showing hop 2018/06/09 12:51:06 (permalink)
    0
    Thanks for your help.
     
    My problem is that when I try to ping or traceroute from the router, it shows me a timeout from the remote site. But when I try from any client computer running Windows, it works: both traceroute and ping work from the remote site.
    The problem only occurs with the router.
     
    Please help.
     
    #9
    iqbshaik
    Re: Traceroute not showing hop 2018/12/07 04:06:07 (permalink)
    0
    It depends on the session. When there is no session from the source IP and you send the first trace packet through the FortiGate, it will show its hop in tracert. In the following traceroutes it will not show you its IP in the trace until the session times out. Kill the session on the FortiGate and trace again; you will see the hop in the trace again.
    #10
    rwpatterson
    Re: Traceroute not showing hop 2018/12/07 06:19:03 (permalink)
    0
    In the CLI, check the PING options. Make sure the interface is the one you want to trace route from.
     
    Gateway # exec ping-options source
    <string> auto | <source interface ip>

     
    Also, if the other end of the trace route is over a tunnel, make sure the source (or interface) IP is allowed over that span.

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #11