Can the USG firewall be traversed by the tracert command?

1. Tracert firewall itself
Need to release the ICMP or UDP packet filtering to the local area of the firewall. If Tracert uses ICMP packets, you need to run the ip unreachables enable command to enable sending of ICU destination unreachable packets.

2. Tracert is forwarded through the firewall
A. Release the ICMP or UDP packet filtering through the firewall.
B. Configure the ICMP timeout packet function (command: ip ttl-expires enable).
C. Disable the Tracert packet attack defense function (command: undo firewall defend tracert enable).

The UDP port used by the Tracert protocol is: first hop 33434, second hop 33435, third jump 33436 ... and so on (the algorithm is 33434 + N-1 where N is the hop count).

Scroll to top