dsharma
Staff
Article Id 197241

Description


This article describes FortiGate traceroute options that can be used for various troubleshooting purposes. One particularly useful option is source.

 

Scope

 

FortiGate.

Solution


There may be specific cases where the default values in traceroute requests need to be adapted or modified.

In the FortiGate CLI, enter the following command to see all options:

 

execute traceroute-options ?        <- Use the ? mark to see the options available.

Keyword descriptions for the options available in the FortiGate CLI traceroute-options command:

   device           Auto | <ifname>.
   queries          Integer value to specify number of queries per hop.
   reset            Reset settings.
   source           Auto | <source interface IP>.
   use-sdwan        Use SD-WAN rules to get output interface <yes | no>.
   view-settings    View the current options of traceroute.

 

By default, the traceroute options are the following:

 

    execute traceroute-options view-settings

    Traceroute Options:
    Number of probes per hop: 3
    Source Address: auto
    Device: auto
    Use SD-WAN: no

 

To change any of the default values, use the following commands:

 

execute traceroute-options device {Auto | <ifname>}: Specify the FortiGate interface name from which to send the traceroute.

execute traceroute-options source {Auto | <source interface IP>}: Specify the FortiGate interface IP from which to send the traceroute.

execute traceroute-options queries {Integer value [1, 10]}: Specify how many traceroute request packets the FortiGate sends to each hop in the path towards the destination.

execute traceroute-options reset: Reset traceroute options to default values.

execute traceroute-options use-sdwan {<yes | no>}: If set to 'yes', the traceroute will follow SD-WAN rules and policy routes. Usually used with other options, such as source, to match a specific SD-WAN rule that is based on a specific source address.

 

Notes:

  • Traceroute works by sending ICMP packets to test each hop along the route. It sends out three packets, then increases the time to live (TTL) setting by one each time.
  • By default, traceroute uses UDP datagrams with destination ports numbered from 33434 to 33534.

 

execute traceroute-options queries 5

execute traceroute-options source 10.10.10.129

execute traceroute google.com
traceroute to google.com (142.251.37.238), 32 hops max, 5 probe packets per hop, 84 byte packets
1 10.10.10.254 0.650 ms 0.306 ms 0.222 ms 0.208 ms 0.219 ms
2 78.x.x.100 1.381 ms 1.619 ms 1.244 ms 1.012 ms 1.089 ms
3 46.x.x.64 1.820 ms 1.853 ms 1.588 ms 1.521 ms 1.475 ms
4 85.x.x.64 3.706 ms 3.620 ms 3.508 ms 3.531 ms 3.412 ms
5 85.x.x.32 3.177 ms 3.183 ms 2.954 ms 3.176 ms 3.292 ms
6 192.178.105.91 3.240 ms 3.061 ms 3.195 ms 3.997 ms 3.139 ms
7 142.251.78.85 3.052 ms 3.038 ms 3.016 ms 3.239 ms 3.210 ms
8 142.251.37.238 <google.com> 4.489 ms 3.362 ms 3.342 ms 3.229 ms 3.248 ms
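
The following is an added example, not part of the original article or Fortinet code: a Python parser for output in the format shown above that reports per-hop loss and average RTT and checks that every hop carries the probe count announced in the header, which confirms that the queries option took effect. The `*` timeout marker and the function names are assumptions; the sample text is an excerpt of the output above.

```python
import re
from statistics import mean

# Excerpt (header, hops 1, 2 and 8) copied from the article's output above.
SAMPLE = """\
traceroute to google.com (142.251.37.238), 32 hops max, 5 probe packets per hop, 84 byte packets
1 10.10.10.254 0.650 ms 0.306 ms 0.222 ms 0.208 ms 0.219 ms
2 78.x.x.100 1.381 ms 1.619 ms 1.244 ms 1.012 ms 1.089 ms
8 142.251.37.238 <google.com> 4.489 ms 3.362 ms 3.342 ms 3.229 ms 3.248 ms
"""

HEADER_RE = re.compile(
    r"traceroute to \S+ \(([^)]+)\), \d+ hops max, (\d+) probe packets per hop")
PROBE_RE = re.compile(r"(\d+(?:\.\d+)?) ms|\*")  # RTT, or '*' (assumed timeout marker)


def parse_traceroute(text):
    """Return the header's target IP and probe count plus per-hop probe results."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header = HEADER_RE.search(lines[0]) if lines else None
    if header is None:
        raise ValueError("unrecognized traceroute header")
    result = {"target_ip": header.group(1),
              "probes_per_hop": int(header.group(2)), "hops": []}
    for line in lines[1:]:
        hop_no, _, rest = line.partition(" ")
        if not hop_no.isdigit():
            continue  # not a hop line
        first = (rest.split() or ["*"])[0]
        addr = None if first == "*" else first  # no address when the hop starts with '*'
        probes_text = rest if addr is None else rest.strip()[len(first):]
        rtts = [float(v) if v else None for v in PROBE_RE.findall(probes_text)]
        answered = [v for v in rtts if v is not None]
        result["hops"].append({
            "hop": int(hop_no), "addr": addr, "rtts": rtts,
            "lost": len(rtts) - len(answered),
            "avg_ms": round(mean(answered), 3) if answered else None})
    return result


def probe_count_mismatches(result):
    """Hop numbers whose probe count differs from the header's 'probe packets per hop'."""
    return [h["hop"] for h in result["hops"]
            if len(h["rtts"]) != result["probes_per_hop"]]


if __name__ == "__main__":
    parsed = parse_traceroute(SAMPLE)
    print(probe_count_mismatches(parsed), [h["avg_ms"] for h in parsed["hops"]])
```

An empty mismatch list means each hop line carries as many probe results as the header announced.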

 

The above traceroute options are only available for IPv4 traceroutes.

The IPv6 traceroute command, tracert6, does not (yet) offer customizable options.

 

Related article:

Technical Tip: Explaining traceroutes